Zaqar/bp/havana/security-testing
Revision as of 09:33, 26 August 2013 by Thomas Biege (talk | contribs)
Code Scanning
Jenkins can run static code scanners after every code submission, or on a schedule, to find simple, pattern-detectable vulnerabilities before review. We are limited to freely available scanners; the following candidates still need to be verified for this project:
- RATS, Rough Auditing Tool for Security (C, C++, Perl, PHP, Python)
- pylint, code quality checker (Python)
- PyChecker, code checker (Python; last release in 2011)
- FindBugs (Java)
- Yasca, a meta-tool that drives existing scanners and aggregates their results (also supports Python)
- brakeman, security scanner for Rails applications with good Jenkins integration (Ruby on Rails)
- more tools are listed at Wikipedia
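For the scan to be useful as a Jenkins step, its output has to be parsed and turned into a pass/fail decision rather than just archived. The script below is an added example written for this page; it is not Zaqar code and not part of any of the tools above. It runs pylint with an explicit --msg-template (so the line format does not depend on the pylint version's default reporter), parses each finding, and fails the build on errors, on more warnings than a configured budget, or on any message symbol that is put on a block list (for example eval-used). The sample pylint output embedded in the script is constructed for illustration, and the file paths in it are invented.

```python
"""Jenkins gate for pylint findings (added example, not Zaqar code).

Run pylint with a fixed message template, parse every finding, and
decide whether the build should fail. SAMPLE_OUTPUT below is constructed
for illustration; the paths in it do not refer to real files.
"""
import re
import subprocess
import sys

# Template handed to pylint so that every finding is printed in the
# one-line form parsed by LINE_RE, regardless of pylint's default reporter.
MSG_TEMPLATE = "{path}:{line}: [{msg_id}({symbol}), {obj}] {msg}"

# Matches exactly the lines produced by MSG_TEMPLATE.
LINE_RE = re.compile(
    r"^(?P<path>[^:]+):(?P<line>\d+): "
    r"\[(?P<msg_id>[A-Z]\d{4})\((?P<symbol>[^)]*)\), (?P<obj>[^\]]*)\] "
    r"(?P<msg>.*)$"
)

# pylint message ids start with a letter giving the category.
SEVERITY = {"F": "fatal", "E": "error", "W": "warning",
            "R": "refactor", "C": "convention"}


def parse_pylint(text):
    """Return one dict per finding; module headers and score lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. '************* Module foo' or the final rating line
        f = m.groupdict()
        f["line"] = int(f["line"])
        f["severity"] = SEVERITY.get(f["msg_id"][0], "unknown")
        findings.append(f)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'warning': 2, 'error': 1}."""
    counts = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


def should_fail(findings, max_warnings=0, block_symbols=()):
    """Build policy (hypothetical thresholds): fail on any fatal/error,
    on more than max_warnings warnings, or on any blocked message symbol."""
    counts = summarize(findings)
    if counts.get("fatal", 0) or counts.get("error", 0):
        return True
    if counts.get("warning", 0) > max_warnings:
        return True
    return any(f["symbol"] in block_symbols for f in findings)


def run_pylint(paths):
    """Invoke pylint on the given paths and return its stdout.
    pylint exits non-zero whenever it reports anything, so the exit
    status is ignored here and the parsed findings decide instead."""
    cmd = [sys.executable, "-m", "pylint", "--reports=n",
           "--msg-template=" + MSG_TEMPLATE] + list(paths)
    proc = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          universal_newlines=True)
    return proc.stdout


# Constructed sample output in the MSG_TEMPLATE format; paths are invented.
SAMPLE_OUTPUT = """\
************* Module zaqar.example.driver
zaqar/example/driver.py:42: [W0702(bare-except), Driver.get] No exception type(s) specified
zaqar/example/driver.py:77: [E1101(no-member), Driver.put] Instance of 'Driver' has no 'conn' member
************* Module zaqar.example.app
zaqar/example/app.py:12: [C0111(missing-docstring), ] Missing module docstring
zaqar/example/app.py:30: [W0123(eval-used), handle] Use of eval
"""


if __name__ == "__main__":
    # With paths on the command line this runs pylint for real (Jenkins use);
    # without arguments it evaluates the constructed sample so it runs offline.
    output = run_pylint(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_OUTPUT
    found = parse_pylint(output)
    print("findings by severity:", summarize(found))
    failed = should_fail(found, max_warnings=5, block_symbols=("eval-used", "exec-used"))
    print("build", "FAILED" if failed else "passed")
    sys.exit(1 if failed else 0)
```

In a Jenkins job this is a single "Execute shell" step invoking the script on the package directory; a non-zero exit marks the build failed, which is what makes the scan enforceable rather than advisory. The warning budget and block list are policy choices, not something the tools dictate.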