wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lu...@k40s.net
Subject Re: Apache Wicket & Static Analysis Security Testing
Date Tue, 12 Mar 2019 16:37:24 GMT

I use the FindBugs (SpotBugs) plugin for IntelliJ to scan for 
vulnerabilities. It's actually not made for security bugs but there is a 
plugin (FindSecBugs) with a focus on that.

In any case I'd say that it makes sense to use static code analyzers 
whenever possible.
Most of the found bugs will be Java related anyways.


Lukas Fülling

Am 2019-03-12 15:36, schrieb Eric Gulatee:
> Hello Wicketeers,
> Does anyone know if there are any SAST (Static Analysis Security
> Testing) tools (Commercial or OpenSource) that support Apache Wicket?
> https://www.owasp.org/index.php/Source_Code_Analysis_Tools
> Is there value in adopting a SAST tool if it doesn’t explicitly
> support the apache wicket framework?
> --
> Cheers,
> Eric Gulatee
> NYS OSC AppDev Enterprise Architect  [Garnet River & Abilis]

To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

View raw message