Hi,
I use the FindBugs (SpotBugs) plugin for IntelliJ to scan for
vulnerabilities. It's actually not made for security bugs but there is a
plugin (FindSecBugs) with a focus on that.
In any case I'd say that it makes sense to use static code analyzers
whenever possible.
Most of the found bugs will be Java related anyways.
Regards
Lukas Fülling
Am 2019-03-12 15:36, schrieb Eric Gulatee:
Hello Wicketeers,
Does anyone know if there are any SAST (Static Analysis Security
Testing) tools (Commercial or OpenSource) that support Apache Wicket?
https://www.owasp.org/index.php/Source_Code_Analysis_Tools
Is there value in adopting a SAST tool if it doesn’t explicitly
support the apache wicket framework?
--
Cheers,
Eric Gulatee
NYS OSC AppDev Enterprise Architect [Garnet River & Abilis]
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
