Any open-source software that is similar to Fortify?

security open-source findbugs pmd fortify
17,782

Solution 1

If your focus is on security, you could benefit from additional security rules. Find Security Bugs is a set of detectors for FindBugs.

Disclaimer : I'm the author of the tool mention

Here is an exhaustive list of static analyzers maintained by the nist : http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html

Solution 2

Sonar is pretty similar to Fortify. However, it focuses more on code quality/metrics rather than security. There is some overlap in informational. Additionally, there are plugins for Sonar such as Security Rules that allow you to add more security metrics.

Share:
17,782
jj pan
Author by

jj pan

Updated on June 19, 2022

Comments

  • jj pan
    jj pan almost 2 years

    I have been using PMD and Findbug for my application but fortify managed to detect some of the security vulnerabilities in my application. I am wondering if there is other open-source software that does the similar job as Fortify?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can I see all the rules of Fortify Secure Coding Rules?
Is EnableHeaderChecking=true enough to prevent Http Header Injection attacks?
Is open source software vulnerable to viruses?
How to fix "Path Manipulation Vulnerability" in some Java Code?
MALICIOUS_CODE EI_EXPOSE_REP Medium
How to export FindBugs/PMD/Checkstyle rules from Sonar and import into Netbeans
Checkstyle vs. PMD
What are the differences between PMD and FindBugs?
Is SonarQube Replacement for Checkstyle, PMD, FindBugs?
log forging fortify fix