[Daca-general] Introducing the "Debian's Automated Code Analysis" (DACA) project

Mohammad Ebrahim Mohammadi Panah ebrahim at mohammadi.ir
Tue Dec 21 07:05:56 UTC 2010


Out of my curiosity/ignorance, have you considered Dehydra and
Treehydra of Mozilla for inclusion?

On Tue, Dec 21, 2010 at 4:13 AM, Raphael Geissert <geissert at debian.org> wrote:
> Hi,
>
> Javier Fernández-Sanguino Peña wrote:
>
>> On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote:
>>> = What is there for everyone? =
>>>
>>> At the moment there are only partial reports from two tools, but the list
>>> of tools to be evaluated and possibly included goes over twenty.
>>
>> I would be glad if the tools included some security auditing tools such
>> as:
>>
>>  + Available as Debian packages
>>    - RATS: security auditing utility for C, C++, PHP, Perl, and Python
>>    code
>>    - Flawfinder: security flaw search tool for C/C++ source code
>
> To be honest, the results of both tools are usually just noise and it would
> be better if the C/C++ checks that are not implemented by cppcheck were
> contributed.
> I'm not opposed to running them either, but they will be down on my To-Do
> list. If anyone has a few minutes to come up with the right scripts and
> tweaks to the web reports, please subscribe and email the
> daca-devel at lists.alioth.d.o list.
>
>>    - Splint: a tool for statically checking C programs for bugs
>
> Splint has better results than rats and flawfinder, but the same arguments
> apply.
>
>>    - Jlint: Tool to check Java code for bugs, inconsistencies and
>>      synchronization problems
>>
>>  + There are some other static security analysis currently not available
>>  in Debian, such as:
>>    - FindBugs: a tool for static analysis of Java code
>>         http://findbugs.sourceforge.net/
>>    - JCSC: Java source code checker - http://jcsc.sourceforge.net/
>>    - PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/
>>
>>  As Debian is getting more java code in now it would be worth it to have
>>  some Java tools in the toolbox too.
>
> Niels Thykier said he would look into the java stuff, so that's probably
> covered (if more people want to join, they are of course welcome.)
>
> Thanks for your email.
>
> Cheers,
> --
> Raphael Geissert - Debian Developer
> www.debian.org - get.debian.net
>


