Thanks Christian. I'm familiar with SonarQube. I'll have to take a look at the plugin.
On Thu, Mar 18, 2021 at 11:28 AM Christian Pervoelz <[email protected]> wrote: > Hi, > > > Are there open source security code scanners? > I think SonarQube would be good try: https://www.sonarqube.org/ > > You can install the server locally and configure it to your needs. Afaik > everything is open source (https://github.com/SonarSource/sonarqube). > > Security issues are just a portion of the tons of checks it provides (so > setting it up might take a while, but it's worth it). > > There's also a plug-in for NB, but it's rather old, so I'm not sure it > still works: https://github.com/hmvictor/radar-netbeans > > Greetz > -C > > > Am Do., 18. März 2021 um 00:16 Uhr schrieb Steven Ingram < > [email protected]>: > > > Dang. That would be much easier if their code was open source. At this > > point I'll just have to stick with my Spring TS work around. > > Are there open source security code scanners? Most of those fools want > you > > to pay for their junk. > > With this particular IDE plugin scanner you have to select code or a file > > less than a Meg to scan. > > > > A better solution would be to have inline scanning that would alert you > to > > issues as your completing source code, IMO. > > > > > > Regards, > > Steven > > > > > > On Wed, Mar 17, 2021 at 4:19 PM Geertjan Wielenga > > <[email protected]> wrote: > > > > > It will need to be recreated as a NetBeans plugin from scratch, > probably > > > the business logic could be reused, the UI, if any, would need to be > > > rewritten in Swing. > > > > > > You rock too. :-) > > > > > > Thanks, > > > > > > Gj > > > > > > On Wed, Mar 17, 2021 at 8:58 PM Steven Ingram < > > [email protected] > > > > > > > wrote: > > > > > > > Hey Y'all. I've been watching this list for a long time and I'm > > hoping > > > to > > > > come back and actually get some work done. My day time gig has been > > very > > > > demanding lately. I have a question for you though. > > > > > > > > My employer has a contract with a security code scanning company and > > that > > > > company has released a plugin version of their scanner for all the > best > > > > IDEs (NOT). Of course Apache Netbeans is not in their support list > > and I > > > > loathe Eclipse and I've never wanted to pay for Jetbrains plus I've > > been > > > > using Netbeans for 16 years. > > > > > > > > My employer has noticed that I've not used the plugin (which they > pay a > > > > license to use) and I've bubbled straight to the top with not using > my > > > > license :) Geez. Anyhow I have the eclipse plugin on hand it's a > jar > > > > file. How difficult would it be to wire in a plugin made for Eclipse > > > into > > > > Netbeans? I understand this would be a costume build and I'm not > > afraid > > > > of that. > > > > > > > > Any thoughts or opinions? > > > > At this point I've added the plugin to my Spring TS and used it there > > to > > > > appease the licensing gods that be. > > > > > > > > You all rock!!! > > > > > > > > > > > > Steven Rex Ingram > > > > 919-376-7363 > > > > > > > > > >
