I use the FindBugs (SpotBugs) plugin for IntelliJ to scan for vulnerabilities. It's actually not made for security bugs but there is a plugin (FindSecBugs) with a focus on that.

In any case I'd say that it makes sense to use static code analyzers whenever possible.
Most of the found bugs will be Java related anyways.


Lukas Fülling

Am 2019-03-12 15:36, schrieb Eric Gulatee:
Hello Wicketeers,

Does anyone know if there are any SAST (Static Analysis Security
Testing) tools (Commercial or OpenSource) that support Apache Wicket?

Is there value in adopting a SAST tool if it doesn’t explicitly
support the apache wicket framework?


Eric Gulatee
NYS OSC AppDev Enterprise Architect  [Garnet River & Abilis]

To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to