[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: Introducing the "Debian's Automated Code Analysis" (DACA)
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <jfs () computer ! org>
Date: 2010-12-18 19:07:13
Message-ID: 20101218190713.GA6243 () javifsp ! no-ip ! org
[Download RAW message or body]
On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote:
> = What is there for everyone? =
>
> At the moment there are only partial reports from two tools, but the list of
> tools to be evaluated and possibly included goes over twenty.
I would be glad if the tools included some security auditing tools such as:
+ Available as Debian packages
- RATS: security auditing utility for C, C++, PHP, Perl, and Python code
- Flawfinder: securty flaw search tool for C/C++ source code
- Split: a tool for statically checking C programs for bugs
- Jlint: Tool to check Java code for bugs, inconsistencies and
synchronization problems
+ There are some other static security analysis currently not available in
Debian, such as:
- FindBugs: a tool for static analysis of Java code
http://findbugs.sourceforge.net/
- JCSC: Java source code checker - http://jcsc.sourceforge.net/
- PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/
As Debian is getting more java code in now it would be worth it to have some
Jave tools in the toolbox too.
Just my 2cents.
Regards
Javier
["signature.asc" (application/pgp-signature)]
--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20101218190713.GA6243@javifsp.no-ip.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic