[Building Sakai] Coverity scan

Berg, A.M. A.M.Berg at uva.nl
Thu Sep 24 02:51:00 PDT 2009


Hi all,

I totally like Stephen's idea plus a security scan from Fortify https://opensource.fortify.com/teamserver/welcome.fhtml

I read the book "Secure programming with static analysis" by the guys from Fortify http://www.youtube.com/watch?v=OVWHpyjqBkI
The book included a CD ROM with a trial version of their software. Findbugs is part of the product and Fortis sponsors Findbugs.

I don't mind helping out with the audit. If the Foundation can get a copy of the Fortis software then I do not mind evaluating its potential as part of a continuous build environment. The evaluation copy included with the book had limitations on the number of files it could test and is rather old. I do not mind trying out the Coverity software as well. The motivation being advice from papers published on static code review tools, basically each tool has its own strengths and weaknesses, so they generally complement each other.

Regards,

Alan


Alan Berg

Senior Developer / Quality Assurance
Group Education and Research Services
Central Computer Services
University of Amsterdam

http://home.uva.nl/a.m.berg




-----Original Message-----
From: sakai-dev-bounces at collab.sakaiproject.org on behalf of Stephen Marquard
Sent: Wed 9/23/2009 22:16
To: sakai-dev at collab.sakaiproject.org
Subject: [Building Sakai] Coverity scan
 
It seems Coverity scans Java open source projects now on request:

http://scan.coverity.com/devfaq.html

I'm wondering whether this would give us anything significantly beyond the Findbugs/PMD static code analysis run by Alan Berg and team.

Should we sign up Sakai for this?

Cheers
Stephen



