Research on static code analysis tools #4571

Open
SelinaBuff opened this issue Oct 21, 2024 · 0 comments

Research on static code analysis tools

Description/Goal: We need research on static code analysis tools that focus on identifying security vulnerabilities. The goal is to select a tool that improves code quality and enhances software security, ensuring compliance with security standards.

Identify Relevant Tools:

  • Research available static code analysis tools on the market (e.g., SonarQube, Checkmarx, Veracode, Fortify, etc.)
  • Talk to other people (e.g. Simon)

Criteria/Provide a Recommendation:

  • Security detection capabilities, ease of use, integration options (e.g., CI/CD pipelines), supported programming languages and frameworks
  • Pros and cons of each tool
  • Justify the recommendation based on the analysis.
@SelinaBuff SelinaBuff moved this from Todo to In Progress in scrumlr.io Nov 12, 2024
@SelinaBuff SelinaBuff moved this from In Progress to Todo in scrumlr.io Nov 12, 2024
@Yaazizi Yaazizi moved this from Todo to In Progress in scrumlr.io Nov 12, 2024
Projects
Status: Review