I am looking for an open source static source code analysis tool that can be used for security testing of an android application. I need to make sure that my application is PCI compliant.
An example of a non-open source tool is Fortify.
Anyone can help in providing a list of recommended software?
Asked
Active
Viewed 2,978 times
6
Strider007
- 4,615
- 7
- 25
- 26
2 Answers
1
There are so many open source tools for Source Code Analysis Tool For Java like Dependometer,FindBugs,QJ-Pro etc.
For more details with lists.
Another link
Shreyos Adikari
- 12,348
- 19
- 73
- 82
-
1Thats a comprehensive list of open source tools , thanks for sharing. – Madhu V Rao Apr 09 '13 at 08:29
1
PMD and FindBugs are some of the best Static code analysers that I have worked on. You can try them. You can add your own rule and delete some of the existing ones from them.
https://www.sparkred.com/blog/open-source-java-static-code-analyzers/
Madhu V Rao
- 917
- 1
- 12
- 24
-
Actually am looking for some that are more security oriented. I am aware of PMD and FindBugs, but i don't think they fit for security. Thanks anyway. – Strider007 Apr 09 '13 at 08:26
-
Have you looked into Coverity scan? http://www.webvivant.com/open-source-security.html – Madhu V Rao Apr 09 '13 at 08:36