coala / coala-bears

Bears for coala
https://coala.io/
GNU Affero General Public License v3.0

Have bears analyzing for security #389

Open sims1253 opened 8 years ago

sims1253 commented 8 years ago

A lot of people at the Linuxwochen were asking if coala can do some security related analysis.

gitmate-bot commented 8 years ago

Thanks for reporting this issue!

Your aid is required, fellow coalaian. Help us triage and solve this issue!

CC @sils1297, @AbdealiJK

AbdealiLoKo commented 8 years ago

Security related analysis is a whole new sphere. It's not easy and most of the time it isn't possible to do it with static analysis tools.

OWASP is the de-facto place to look for security related information. It has a list of security analysis tools: https://www.owasp.org/index.php/Source_Code_Analysis_Tools

Note: PMD already does some security analysis!

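To make concrete what a purely syntactic security check can and cannot do, here is an added example that is not code from coala-bears or from any commenter in this thread. It is a small AST-based checker for Python sources that flags `eval`/`exec` on non-literal arguments, `subprocess.*(..., shell=True)` with a dynamically built command, and `pickle`/`marshal` deserialisation. The `find_dangerous_calls` function, the `PySecurityBear` class and the `SAMPLE` input are all hypothetical and constructed for this example; the class only mirrors the `run(filename, file)` shape of a coala `LocalBear` and deliberately does not import `coalib`, so it runs stand-alone.

```python
import ast

# Hypothetical checker, constructed for this example. It is a syntactic heuristic:
# it cannot know whether a value is attacker-controlled (no taint tracking), so the
# literal-vs-non-literal distinction below is the only false-positive filter it has.
DYNAMIC_CODE_CALLS = {"eval", "exec"}
SHELL_FUNCS = {"call", "run", "Popen", "check_call", "check_output"}
UNSAFE_DESERIALIZERS = {("pickle", "load"), ("pickle", "loads"), ("marshal", "loads")}


def _qualname(node):
    """Return 'module.attr' for Name/Attribute call targets, else None.

    Limitation: imports are not resolved, so `from pickle import loads` is missed.
    """
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _qualname(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _is_literal(node):
    """True for a str/bytes constant, i.e. something that cannot be user input."""
    return isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes))


def _shell_true(call):
    """True if the call passes shell=True as a literal keyword argument."""
    return any(
        kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True
        for kw in call.keywords
    )


def find_dangerous_calls(source, filename="<string>"):
    """Return a sorted list of (line, message) findings for the given source text."""
    findings = []
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        return [(exc.lineno or 1, f"cannot parse file: {exc.msg}")]

    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _qualname(node.func)
        if name is None:
            continue
        first = node.args[0] if node.args else None

        if name in DYNAMIC_CODE_CALLS and first is not None and not _is_literal(first):
            findings.append((node.lineno, f"{name}() on a non-literal argument: "
                                          "code injection if the string is attacker-controlled"))
        elif (name.startswith("subprocess.") and name.split(".")[-1] in SHELL_FUNCS
              and _shell_true(node) and first is not None and not _is_literal(first)):
            findings.append((node.lineno, f"{name}(shell=True) with a dynamically built "
                                          "command: possible shell injection"))
        elif tuple(name.rsplit(".", 1)) in UNSAFE_DESERIALIZERS:
            findings.append((node.lineno, f"{name}() deserialises arbitrary objects: "
                                          "never call it on untrusted data"))
    return sorted(findings)


class PySecurityBear:
    """Mirrors the coala LocalBear.run(filename, file) interface (file = list of lines).

    Hypothetical: a real bear would subclass coalib.bears.LocalBear and yield coalib
    Result objects; here plain dicts are yielded so the example needs no coalib install.
    """

    def run(self, filename, file):
        for line, message in find_dangerous_calls("".join(file), filename):
            yield {"origin": "PySecurityBear", "file": filename, "line": line, "message": message}


# Constructed sample input; line numbers in the comments refer to this string.
SAMPLE = '''\
import subprocess, pickle
def handler(request):
    expr = request.args["q"]
    eval("1 + 1")                                           # literal: not reported
    result = eval(expr)                                     # line 5: reported
    subprocess.run("ls -l", shell=True)                     # literal command: not reported
    subprocess.run("ls " + request.args["d"], shell=True)   # line 7: reported
    return pickle.loads(request.data)                       # line 8: reported
'''

if __name__ == "__main__":
    for finding in PySecurityBear().run("handler.py", SAMPLE.splitlines(keepends=True)):
        print(f"{finding['file']}:{finding['line']}: {finding['message']}")
```

The filtering on string literals is the whole point: line 4 and line 6 are the same calls as lines 5 and 7 but with constant arguments, and a checker that reported them would drown real findings in noise. Conversely, the checker still cannot tell whether `expr` on line 5 really comes from the request or from a trusted config file, which is the limitation the comment above is pointing at.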

sils commented 8 years ago

I think we really should look into this. coala is great for non-real-time stuff, and security and other analysis is totally important IMO.

sils commented 8 years ago

see also https://www.checkmarx.com/2014/11/13/the-ultimate-list-of-open-source-static-code-analysis-security-tools/

sils commented 8 years ago

see also http://www.dwheeler.com/essays/static-analysis-tools.html

arafsheikh commented 8 years ago

see also https://www.owasp.org/index.php/Source_Code_Analysis_Tools