Hi,

> Are there open source security code scanners?

I think SonarQube would be a good try: https://www.sonarqube.org/
You can install the server locally and configure it to your needs. Afaik everything is open source (https://github.com/SonarSource/sonarqube). Security issues are just a portion of the tons of checks it provides (so setting it up might take a while, but it's worth it). There's also a plug-in for NB, but it's rather old, so I'm not sure it still works: https://github.com/hmvictor/radar-netbeans

Greetz
-C

On Thu, 18 March 2021 at 00:16, Steven Ingram <[email protected]> wrote:

> Dang. That would be much easier if their code was open source. At this
> point I'll just have to stick with my Spring TS workaround.
> Are there open source security code scanners? Most of those fools want you
> to pay for their junk.
> With this particular IDE plugin scanner you have to select code or a file
> less than a Meg to scan.
>
> A better solution would be to have inline scanning that would alert you to
> issues as you're completing source code, IMO.
>
>
> Regards,
> Steven
>
>
> On Wed, Mar 17, 2021 at 4:19 PM Geertjan Wielenga
> <[email protected]> wrote:
>
> > It will need to be recreated as a NetBeans plugin from scratch. Probably
> > the business logic could be reused; the UI, if any, would need to be
> > rewritten in Swing.
> >
> > You rock too. :-)
> >
> > Thanks,
> >
> > Gj
> >
> > On Wed, Mar 17, 2021 at 8:58 PM Steven Ingram <[email protected]>
> > wrote:
> >
> > > Hey Y'all. I've been watching this list for a long time and I'm hoping
> > > to come back and actually get some work done. My daytime gig has been
> > > very demanding lately. I have a question for you though.
> > >
> > > My employer has a contract with a security code scanning company and
> > > that company has released a plugin version of their scanner for all the
> > > best IDEs (NOT). Of course Apache NetBeans is not in their support list
> > > and I loathe Eclipse and I've never wanted to pay for JetBrains plus
> > > I've been using NetBeans for 16 years.
> > >
> > > My employer has noticed that I've not used the plugin (which they pay a
> > > license to use) and I've bubbled straight to the top with not using my
> > > license :) Geez. Anyhow, I have the Eclipse plugin on hand; it's a jar
> > > file. How difficult would it be to wire in a plugin made for Eclipse
> > > into NetBeans? I understand this would be a custom build and I'm not
> > > afraid of that.
> > >
> > > Any thoughts or opinions?
> > > At this point I've added the plugin to my Spring TS and used it there
> > > to appease the licensing gods that be.
> > >
> > > You all rock!!!
> > >
> > >
> > > Steven Rex Ingram
> > > 919-376-7363
