{"id":414,"date":"2015-05-03T00:00:00","date_gmt":"2015-05-03T00:00:00","guid":{"rendered":"http:\/\/www.scmgalaxy.com\/tutorials\/2015\/05\/03\/source-code-analysis-tools-evaluation-criteria\/"},"modified":"2017-12-21T06:52:03","modified_gmt":"2017-12-21T06:52:03","slug":"source-code-analysis-tools-evaluation-criteria","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/source-code-analysis-tools-evaluation-criteria\/","title":{"rendered":"Source code analysis tools: Evaluation criteria"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-3468 size-full\" src=\"http:\/\/www.scmgalaxy.com\/tutorials\/wp-content\/uploads\/2015\/05\/source-code-analysis-tools-.png\" alt=\"code-analysis-tools-evaluation-criteria\" width=\"600\" height=\"400\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2015\/05\/source-code-analysis-tools-.png 600w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2015\/05\/source-code-analysis-tools--300x200.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p><strong>Source code analysis tools: Evaluation criteria<\/strong><\/p>\n<p><strong>Support<\/strong>\u00a0for the programming languages you use. Some companies support mobile devices, while others concentrate on enterprise languages like Java, .Net, C, C++ and even Cobol.<\/p>\n<p><strong>Good bug-finding performance<\/strong>, using a proof of concept assessment. Hint: Use an older build of code you had issues with and see how well the product catches bugs you had to find manually. Look for both thoroughness and accuracy. Fewer false positives means less manual work.<\/p>\n<p><strong>Internal knowledge bases<\/strong>\u00a0that provide descriptions of vulnerabilities and remediation information. Test for easy access and cross-referencing to discovered findings.<\/p>\n<p><strong>Tight integration<\/strong>\u00a0with your development platforms. 
Long-term, you&#8217;ll likely want developers to incorporate security analysis into their daily routines.<\/p>\n<p><strong>A robust finding-suppression mechanism<\/strong>\u00a0to prevent false positives from reoccurring once you&#8217;ve verified them as a non-issue.<\/p>\n<p><strong>Ability to easily define additional rules<\/strong>\u00a0so the tool can enforce internal coding policies.<\/p>\n<p><strong>A centralized reporting component<\/strong>\u00a0if you have a large team of developers and managers who want access to findings, trending and overview reporting.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Source code analysis tools: Evaluation criteria Support\u00a0for the programming languages you use. Some companies support mobile devices, while others concentrate on enterprise languages like Java, .Net, C, C++ and even Cobol. Good bug-finding performance, using a proof of concept assessment. Hint: Use an older build of code you had issues with and see how well&#8230;<\/p>\n","protected":false},"author":1,"featured_media":3468,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","_joinchat":[],"footnotes":""},"categories":[2],"tags":[517,328,1590,1003,1092,1700,1699,1702,832,545,1703,302,872,1704,1698,1701,311,1452,670],"class_list":["post-414","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorised","tag-analysis","tag-bug","tag-choose","tag-code","tag-code-analysis-tools","tag-criteria","tag-evaluation","tag-evaluation-criteria","tag-find","tag-how","tag-how-to-evaluate-source-code-analysis-tools","tag-issue","tag-performance","tag-points","tag-source","tag-source-code
-analysis-tools","tag-tools","tag-ways","tag-what"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=414"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/414\/revisions"}],"predecessor-version":[{"id":3469,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/414\/revisions\/3469"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media\/3468"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}