Open Source ChromeOS Static Code Analysis Tools

VM was built to provide “Executable architecture” for Java Static Application Security Testing (SAST) scanning and vulnerabilities remediation - as proof-of-concept and quick start or learning environment for the Java developers/security experts looking to enhance code quality and security by applying open-source static code analysis tool. I used SonarCube Community Edition V10.6 (latest free edition) against the latest codebase of the OWASP WebGoat - both real-life project with considerable codebase To demonstrate how you could start remediation by targeting most severe “Security Hotspots” (in SonarCube lingo it’s highlights of potential severe vulnerabilities) I did a quick tour on SonarCube web UI digging in to SQLInjection: https://www.youtube.com/watch?v=yBeJr38DAFE

Anduin aims to replace perl, python, tcl, and others as the workhorse language in industrial programming projects. It places emphasis on enabling the interpreter to perform compile-time static code analysis as a means of closing the development loop faster and letting fewer bugs get to the user.

Symfony extension for PHPStan. Sometimes, when you are dealing with optional dependencies, the ::has() methods can cause problems. For example, the following construct would complain that the condition is always either on or off, depending on whether you have the dependency for service installed. You can opt in for more advanced analysis of Symfony Console Commands by providing the console application from your own application. This will allow the correct argument and option types to be inferred when accessing $input-getArgument() or $input->getOption().