Out of my curiosity/ignorance, have you considered Dehydra and Treehydra of Mozilla for inclusion?
On Tue, Dec 21, 2010 at 4:13 AM, Raphael Geissert <geiss...@debian.org> wrote:
> Hi,
>
> Javier Fernández-Sanguino Peña wrote:
>
> >> On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote:
> >>> = What is there for everyone? =
> >>>
> >>> At the moment there are only partial reports from two tools, but the list
> >>> of tools to be evaluated and possibly included goes over twenty.
> >>
> >> I would be glad if the tools included some security auditing tools such
> >> as:
> >>
> >> + Available as Debian packages
> >>   - RATS: security auditing utility for C, C++, PHP, Perl, and Python code
> >>   - Flawfinder: security flaw search tool for C/C++ source code
>
> To be honest, the results of both tools are usually just noise and it would
> be better if the C/C++ checks that are not implemented by cppcheck were
> contributed.
> I'm not opposed to running them either, but they will be down on my To-Do
> list. If anyone has a few minutes to come up with the right scripts and
> tweaks to the web reports, please subscribe and email the
> daca-de...@lists.alioth.d.o list.
>
> >>   - Splint: a tool for statically checking C programs for bugs
>
> Splint has better results than rats and flawfinder, but the same arguments
> apply.
>
> >>   - Jlint: Tool to check Java code for bugs, inconsistencies and
> >>     synchronization problems
> >>
> >> + There are some other static security analysis currently not available
> >>   in Debian, such as:
> >>   - FindBugs: a tool for static analysis of Java code
> >>     http://findbugs.sourceforge.net/
> >>   - JCSC: Java source code checker - http://jcsc.sourceforge.net/
> >>   - PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/
> >>
> >> As Debian is getting more java code in now it would be worth it to have
> >> some Java tools in the toolbox too.
>
> Niels Thykier said he would look into the java stuff, so that's probably
> covered (if more people want to join, they are of course welcome.)
>
> Thanks for your email.
>
> Cheers,
> --
> Raphael Geissert - Debian Developer
> www.debian.org - get.debian.net