Nytro Posted January 5, 2015 Report Share Posted January 5, 2015 YASCA (Yet Another Source Code Analyzer) analyzes Java, and C/C++ primarily, with other languages and JavaScript for security flaws and other bugs. Its’ creator, Michael Scovetta, aggregated many other popular static analysis tools and made it easy-to-integrate with a variety of other tools, including others on this list: FindBugs, CppCheck, and more. The tool was created in 2008 to help developers in looking for security bugs by automating part of their code review and finding the “low hanging fruit.”For more info on Yasca, check out this presentation that the creator, Michael Scovetta gave at the NY PHP Conference in ’09. The latest version, 3.0.4, was released in 2012. See the GitHub repository here.The Good: The fact that YASCA is an aggregated tool from other powerful tools, it took the best parts of each and combined for broader coverageThe Not-As-Good: Broader does not mean deeper: Keep in mind that this tool was built to look for low-hanging fruits like SQL injections and XSS, so be wary of missing more serious issues.Sursa: https://github.com/scovetta/yasca Quote Link to comment Share on other sites More sharing options...
