I am looking for an open source static source code analysis tool that can be used for security testing of an android application. I need to make sure that my application is PCI compliant.
An example of a non-open source tool is Fortify.
Anyone can help in providing a list of recommended software?
Open Source Static Source Code Analysis Tool (Security Oriented) For Java
PMD and FindBugs are some of the best Static code analysers that I have worked on. You can try them. You can add your own rule and delete some of the existing ones from them.
https://www.sparkred.com/blog/open-source-java-static-code-analyzers/
Actually am looking for some that are more security oriented. I am aware of PMD and FindBugs, but i don't think they fit for security. Thanks anyway. –
Alkaline
Have you looked into Coverity scan? webvivant.com/open-source-security.html –
Names
There are so many open source tools for Source Code Analysis Tool For Java like Dependometer,FindBugs,QJ-Pro etc.
For more details with lists.
Another link
Thats a comprehensive list of open source tools , thanks for sharing. –
Names
PMD and FindBugs are some of the best Static code analysers that I have worked on. You can try them. You can add your own rule and delete some of the existing ones from them.
https://www.sparkred.com/blog/open-source-java-static-code-analyzers/
Actually am looking for some that are more security oriented. I am aware of PMD and FindBugs, but i don't think they fit for security. Thanks anyway. –
Alkaline
Have you looked into Coverity scan? webvivant.com/open-source-security.html –
Names
© 2022 - 2024 — McMap. All rights reserved.