Hi!

> If you look inside the build configuration, you will see make targets
> for findbugs. All you have to do is put findbugs in the correct
> directory, then do a 'make findbugs'

^-- Findbugs is an excellent tool for Java bytecode static analysis. However, Java source code analysers are a great addition, too. We successfully combine findbugs and checkstyle (checkstyle.sf.net); JChord seems to be promising - read "distinctive enough" - but it seems to be far from useful deployment yet. Btw, how is findbugs used when Android does not have Java bytecode, only source code? :-)

> I was more interested in scanning tools for C and C++ as there does
> not seem to be a FOSS alternative.

^-- Well, the root cause is that it is _much_ easier to analyse Java code than C code - only macros and preprocessor options [working on a textual level] make any semantic analysis impossible. Anyhow, we find the 'flawfinder' tool to be useful for C code. Please, share your experience with similar tools.

J.
