Consider security rules for static/dynamic code analysis #11
Assignees
Labels
status:team discussion
The team needs to discuss how to deal with the issue's request
type:enhancement
Enhancement of the functionality of the software
Comments
|
We consider to support such analyses. But it requires to collect much more information on the source code base then we do it now. |
|
Thanks ! I am very interested and willing to help. |
obfischer
added
the
type:enhancement
obfischer
added
the
status:team discussion
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Great project guys !
I was wondering if jqassistant is capable of making software more security by creating rules specifically for security analysis. Data flow, control flow, semantic -, structural -, configuration -, and buffer analysis are a lot easier once you have a full AST. As an example, PMD has a special rule set for security : https://github.com/GDSSecurity/GDS-PMD-Security-Rules.
The text was updated successfully, but these errors were encountered: