Zaqar/bp/havana/security-testing (OpenStack wiki; revision by Thomas Biege)
Revision as of 09:36, 26 August 2013
Code Scanning
Jenkins can be used to scan the source code after every code submission, or on a regular schedule (with Zuul triggering the job), to find simple vulnerabilities such as dangerous calls, unsafe deserialization and hard-coded credentials. Scanners of this kind produce false positives, so the job should report findings in a way that lets reviewers triage them (ideally failing only on findings that are new relative to the previous run) rather than blocking every change outright. We are limited to freely available code scanners; Zaqar is a Python project, so tools that understand Python matter most. Some candidates that still need to be evaluated are
- rats (C, C++, Perl, PHP, Python); hosted on Google Code
- pylint (Python); a code quality checker rather than a security scanner, so on its own it finds things like unused names and unreachable code, not injection or unsafe deserialization
- PyChecker code checker (Python); last release in 2011, so it is unmaintained and unlikely to keep up with current Python
- FindBugs (Java); not applicable to Zaqar's Python code base
- Yasca, a meta-tool that drives existing scanners (also supports Python)
- brakeman, a Rails security scanner with good Jenkins integration (Ruby on Rails only, so not applicable to Zaqar itself, but a model for the kind of Jenkins integration wanted)
- more tools are listed in Wikipedia's list of tools for static code analysis
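To make concrete what "simple vulnerabilities" a Jenkins/Zuul scanning job step should catch, and how its output and exit status should look, the following is an added example written for this page; it is not Zaqar code, not one of the tools listed above, and it assumes the job simply runs the script against the checked-out tree and treats a non-zero exit as failure. It walks the Python AST looking for calls such as eval/exec/pickle, subprocess with shell=True, yaml.load without a safe Loader, and string literals assigned to secret-looking names. The embedded SAMPLE source is constructed for the example.

```python
"""Minimal AST-based security scanner for Python sources.

Added example for the Jenkins/Zuul scanning job described above; it is
not Zaqar code and not one of the listed tools.  It shows the shape of
such a job step: scan the tree, print one finding per line, and exit
non-zero when anything was found so the job fails.
"""
import ast
import re
import sys
from collections import namedtuple
from pathlib import Path

Finding = namedtuple("Finding", "path line rule message")

# Calls flagged outright.  Constructed list, deliberately short.
DANGEROUS_CALLS = {
    "eval": "eval() runs arbitrary code if its argument is attacker-controlled",
    "exec": "exec() runs arbitrary code",
    "os.system": "os.system() runs a shell; command injection if input is interpolated",
    "pickle.load": "unpickling untrusted data runs arbitrary code",
    "pickle.loads": "unpickling untrusted data runs arbitrary code",
}
# Calls whose keyword arguments decide whether they are safe.
SUBPROCESS_CALLS = {"subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.Popen", "subprocess.run"}
SAFE_YAML_LOADERS = {"yaml.SafeLoader", "yaml.CSafeLoader", "yaml.BaseLoader"}
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_key)", re.IGNORECASE)


def dotted_name(node):
    """Resolve a Name/Attribute chain such as ``yaml.load`` to 'yaml.load'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def keyword(call, name):
    """Return the AST node passed as keyword ``name`` to ``call``, or None."""
    for kw in call.keywords:
        if kw.arg == name:
            return kw.value
    return None


def scan_source(source, path="<string>"):
    """Return a list of Findings for one Python source text."""
    findings = []
    for node in ast.walk(ast.parse(source, path)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in DANGEROUS_CALLS:
                findings.append(Finding(path, node.lineno, name, DANGEROUS_CALLS[name]))
            elif name in SUBPROCESS_CALLS:
                shell = keyword(node, "shell")
                if isinstance(shell, ast.Constant) and shell.value is True:
                    findings.append(Finding(path, node.lineno, name,
                                            "shell=True passes the command through a shell"))
            elif name == "yaml.load":
                # Loader=yaml.SafeLoader (or similar) is fine; anything else is flagged.
                if dotted_name(keyword(node, "Loader")) not in SAFE_YAML_LOADERS:
                    findings.append(Finding(path, node.lineno, name,
                                            "yaml.load() without a safe Loader can build arbitrary objects"))
        elif isinstance(node, ast.Assign):
            # A non-empty string literal assigned to a secret-looking name.
            value = node.value
            if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
                for target in node.targets:
                    if isinstance(target, ast.Name) and SECRET_NAME.search(target.id):
                        findings.append(Finding(path, node.lineno, "hardcoded-secret",
                                                "string literal assigned to %r" % target.id))
    return findings


def scan_tree(root):
    """Scan every .py file under ``root``; sorted so job output is stable."""
    findings = []
    for path in sorted(Path(root).rglob("*.py")):
        findings.extend(scan_source(path.read_text(encoding="utf-8"), str(path)))
    return findings


def format_finding(f):
    """file:line: rule: message, one finding per line for the CI log."""
    return "%s:%d: %s: %s" % (f.path, f.line, f.rule, f.message)


# Constructed sample, not Zaqar code: what the scanner should and should not flag.
SAMPLE = '''\
import os, pickle, subprocess, yaml
DB_PASSWORD = "hunter2"
cfg = yaml.load(open("a.yaml"))
safe = yaml.load(open("b.yaml"), Loader=yaml.SafeLoader)
subprocess.call("ls " + user_dir, shell=True)
subprocess.call(["ls", user_dir])
obj = pickle.loads(blob)
result = eval(expr)
'''


def main(argv):
    """Scan the directory given as argv[1], or the embedded SAMPLE; 1 if findings."""
    findings = scan_tree(argv[1]) if len(argv) > 1 else scan_source(SAMPLE, "sample.py")
    for f in findings:
        print(format_finding(f))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as `python scanner.py path/to/zaqar` from the job; with no argument it scans the embedded sample and reports lines 2, 3, 5, 7 and 8 while leaving the SafeLoader call and the list-form subprocess call alone. Lines 2, 3 and 7 are the kind of finding a quality checker such as pylint will never raise, which is the gap a security-oriented scanner has to fill.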