Any open-source software that is similar to Fortify?
Solution 1
If your focus is on security, you could benefit from additional security rules. Find Security Bugs is a set of detectors for FindBugs.
Disclaimer: I'm the author of the tool mentioned.
Here is an exhaustive list of static analyzers maintained by NIST: http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html
Solution 2
Sonar is pretty similar to Fortify. However, it focuses more on code quality/metrics rather than security. There is some overlap in information. Additionally, there are plugins for Sonar such as Security Rules that allow you to add more security metrics.
jj pan
Updated on June 19, 2022
Comments
jj pan, almost 2 years ago:
I have been using PMD and FindBugs for my application, but Fortify managed to detect some of the security vulnerabilities in my application. I am wondering if there is other open-source software that does a similar job to Fortify?