[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Introducing the "Debian's Automated Code Analysis" (DACA) project

On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote:
> = What is there for everyone? =
> At the moment there are only partial reports from two tools, but the list of 
> tools to be evaluated and possibly included goes over twenty.

I would be glad if the tools included some security auditing tools such as:

 + Available as Debian packages
   - RATS: security auditing utility for C, C++, PHP, Perl, and Python code
   - Flawfinder: securty flaw search tool for  C/C++ source code 
   - Split: a tool for statically checking C programs for bugs
   - Jlint: Tool to check Java code for  bugs, inconsistencies and
     synchronization problems

 + There are some other static security analysis currently not available in
 Debian, such as:
   - FindBugs: a tool for static analysis of Java code
   - JCSC: Java source code checker - http://jcsc.sourceforge.net/
   - PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/

 As Debian is getting more java code in now it would be worth it to have some
 Jave tools in the toolbox too.

 Just my 2cents.



Attachment: signature.asc
Description: Digital signature

Reply to: