Difference between revisions of "Zaqar/bp/havana/security-testing"
|Line 12:||Line 12:|
Revision as of 12:09, 26 August 2013
Jenkins can be used to scan the source code after every code submit or on a regular basis (Zuul to schedule the job) to find simple vulnerabilities. We are limited to freely available code scanners, some examples that need to be verified are
- rats (C, C++, Perl, PHP, Python)
- pylint quality checker (Python)
- PyChecker code checker (Python, last release 2011)
- FindBugs (Java)
- Yasca Meta-tool to leverage existing tools for scanning (also supports Python)
- brakeman Rails security code scanner, good integration in Jenkins (Ruby on Rails)
- more tools are listed at Wikipedia
Several security issues could be easily find using security test-suites that run against a deployed version of OpenStack.