I have been using PMD and FindBugs for my application, but Fortify managed to detect some security vulnerabilities in my application. I am wondering if there is other open-source software that does a similar job to Fortify?
2 Answers
9
If your focus is on security, you could benefit from additional security rules. Find Security Bugs is a set of detectors for FindBugs.
Disclaimer: I'm the author of the tool mentioned.
Here is an exhaustive list of static analyzers maintained by NIST: http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html

h3xStream
Hey @h3xStream, is it possible to use your plugin in build.xml? – Jigar Mar 16 '16 at 22:40
I have not used it myself. But here is the doc: http://findbugs.sourceforge.net/manual/anttask.html – h3xStream Mar 17 '16 at 16:11
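As an added example (not part of the original answer or of the Find Security Bugs project), the following Ant build.xml wires the FindBugs Ant task documented at the link above together with the Find Security Bugs plugin, which is what the comment asks about. The locations of the unpacked FindBugs distribution (`tools/findbugs`), the plugin jar (`tools/findsecbugs-plugin.jar`), the compiled classes (`build/classes`) and the dependency jars (`lib/`) are assumptions for this example and must be adjusted to the project layout.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example build: run FindBugs with the Find Security Bugs detectors loaded.
     All paths declared as properties below are assumptions for this example. -->
<project name="findsecbugs-example" default="findsecbugs" basedir=".">

  <!-- Assumed locations of the FindBugs distribution and the Find Security Bugs plugin jar -->
  <property name="findbugs.home" value="${basedir}/tools/findbugs"/>
  <property name="findsecbugs.jar" value="${basedir}/tools/findsecbugs-plugin.jar"/>
  <property name="classes.dir" value="${basedir}/build/classes"/>
  <property name="report.dir" value="${basedir}/build/reports"/>

  <!-- Register the FindBugs Ant task shipped in the distribution's lib directory -->
  <taskdef name="findbugs" classname="edu.umd.cs.findbugs.anttask.FindBugsTask">
    <classpath>
      <fileset dir="${findbugs.home}/lib" includes="findbugs-ant.jar"/>
    </classpath>
  </taskdef>

  <target name="findsecbugs" description="Run FindBugs with the Find Security Bugs detectors">
    <mkdir dir="${report.dir}"/>
    <!-- pluginList loads the security detectors; effort=max and reportLevel=low
         make the analysis as thorough and as verbose as the tool allows -->
    <findbugs home="${findbugs.home}"
              pluginList="${findsecbugs.jar}"
              output="xml:withMessages"
              outputFile="${report.dir}/findsecbugs.xml"
              effort="max"
              reportLevel="low"
              warningsProperty="findbugs.warnings">
      <!-- Third-party jars the analysed classes depend on (assumed to live in lib/) -->
      <auxClasspath>
        <fileset dir="${basedir}/lib" includes="*.jar"/>
      </auxClasspath>
      <!-- Sources let the report show line numbers; classes are what actually gets analysed -->
      <sourcePath path="${basedir}/src"/>
      <class location="${classes.dir}"/>
    </findbugs>
    <!-- warningsProperty is only set when at least one warning was reported,
         so this makes the build fail instead of silently producing a report -->
    <fail if="findbugs.warnings"
          message="Find Security Bugs reported warnings; see ${report.dir}/findsecbugs.xml"/>
  </target>
</project>
```

Run it with `ant findsecbugs` after the classes have been compiled; the XML report can be opened in the FindBugs GUI or fed to a CI plugin. Failing the build on any warning is deliberate so findings cannot be ignored, but on an existing code base you will usually start with a higher `reportLevel` or an `excludeFilter` file and tighten the gate as the backlog is worked off.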
1
Sonar is pretty similar to Fortify. However, it focuses more on code quality/metrics rather than security. There is some overlap in the information reported. Additionally, there are plugins for Sonar such as Security Rules that allow you to add more security metrics.

Talon876