For Java code scanning you can use anything like BlackDuck, Snyk, etc. all for Java code / libs security scanning.
GWT code is just Java code. If you need to scan the "result" then you can scan the JavaScript result... I'm not sure whether this makes sense?

[email protected] wrote on Friday, September 10, 2021 at 09:57:07 UTC+2:

> What kind of security vulnerabilities are you looking for?
> Of the OWASP Top 10, I think only XSS could be detected by static
> analysis, looking for any call to unsafe methods, making sure you're using
> SafeHtml et al. everywhere (and SafeHtmlUtils.fromSafeConstant and
> SafeHtmlUtils.fromTrustedString, and similar SafeStylesUtils and UriUtils
> methods, would still have to be manually inspected). I believe Google has
> some ErrorProne check for that (which would respect
> @SuppressIsSafeHtmlCastCheck et al.), but I don't think they open-sourced it.
>
> On Friday, September 10, 2021 at 8:09:53 AM UTC+2 Niraj Salot wrote:
>
>> Which tools can be used to Scan the GWT Source Code for doing Security
>> Scan?
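
A rough first pass at the static check described in the quoted reply, as an added example that is not part of the thread and is not the ErrorProne check mentioned there: it lists the `fromSafeConstant` / `fromTrusted*` calls for manual inspection and, as an assumed instance of an "unsafe method", `setInnerHTML`. The Java sample is constructed, and the matching is line-based regex, so this is a triage aid rather than a parser.

```python
import re

# Escape hatches the thread says still need manual inspection.
REVIEW = re.compile(
    r"\b(SafeHtmlUtils|SafeStylesUtils|UriUtils)\s*\.\s*"
    r"(fromSafeConstant|fromTrusted\w*)\s*\(\s*(?P<arg>[^)]*)")
# Assumption: Element.setInnerHTML(String) stands in for "unsafe methods".
UNSAFE = re.compile(r"\.\s*(setInnerHTML)\s*\(")
LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"\s*')

# Constructed sample GWT source, not taken from any real project.
SAMPLE = """\
public class ProfileView {
  void render(Element el, String bio, String name) {
    el.setInnerHTML("<b>" + name + "</b>");
    SafeHtml sep = SafeHtmlUtils.fromSafeConstant("<br>");
    SafeHtml b = SafeHtmlUtils.fromTrustedString(bio);
    // SafeHtmlUtils.fromTrustedString(old);
    SafeUri u = UriUtils.fromTrustedString("https://example.test/help");
    el.setInnerSafeHtml(SafeHtmlUtils.fromString(name));
  }
}
"""


def scan(source):
    """Return sorted (line, kind, call) tuples for calls a reviewer should see.

    kind is "unsafe" for a raw-HTML sink, "dynamic" for an escape hatch fed
    a non-literal argument, "constant" for one fed a single string literal.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "*", "/*")):
            continue  # skip comment lines; trailing comments are not handled
        for m in UNSAFE.finditer(line):
            findings.append((lineno, "unsafe", m.group(1)))
        for m in REVIEW.finditer(line):
            # Anything that is not one plain literal errs toward "dynamic".
            kind = "constant" if LITERAL.fullmatch(m.group("arg")) else "dynamic"
            findings.append((lineno, kind, f"{m.group(1)}.{m.group(2)}"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, kind, call in scan(SAMPLE):
        print(f"line {lineno}: [{kind}] {call}")
```

The "dynamic" findings are the ones to read first, since a trusted-string method fed a variable is where unescaped input can reach the DOM; calls split across several lines are not classified reliably.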
