Yasca
"Yet Another Source Code Analyzer"

Developer(s) | Michael Scovetta
---|---
Stable release | 2.2 / June 4, 2010
Written in | PHP, Java
Operating system | Cross-platform
Size | 12 MB to 155 MB
Available in | English
Type | Software quality, software security
License | BSD License, GPL License, GNU Lesser General Public License, others
Website | Yasca at SourceForge
Yasca is an open source program that looks for security vulnerabilities, code-quality and performance problems, and deviations from best practices in program source code. It leverages external open source programs such as FindBugs, PMD, JavaScript Lint, Cppcheck and ClamAV to scan specific file types,[1] and also contains many custom scanners developed for Yasca itself. It is a command-line tool that generates reports in HTML, CSV, XML, MySQL, SQLite, and other formats. It is listed as an inactive project at the OWASP security project,[2] and also appears in a government software security tools review on the U.S. Department of Homeland Security web site.[3]
Languages Scanned
Yasca has at least one scanner for each of the following file types:
- .NET (VB.NET, C#, ASP.NET)
- ASP
- C/C++
- COBOL
- ColdFusion
- CSS
- HTML
- Java
- JavaScript
- Perl
- PHP
- Python
- Raw HTTP Traffic
- Visual Basic
Yasca 2.2
Version 2.2 was released in June 2010 and included a large number of minor updates over version 2.1; most notably, plugins are natively compiled on Linux, reducing the need to use Wine. Version 2.2 contains some experimental modules, including a TCP packet logger and a rule that scans those logs for sensitive information. Additional rules of this kind are expected in the next update.
As with prior 2.x releases, Yasca is packaged as a core bundle plus separately downloadable plugins. No plugins are required, but the most complete results are obtained when all the plugins relevant to the code being scanned are installed.
References
- [1] Clarke, Justin (2009). SQL Injection Attacks and Defense. Syngress. p. 125. ISBN 978-1-59749-424-3.
- [2] "Category:OWASP Yasca Project". OWASP. Retrieved 14 September 2010.
- [3] "Software Security Assessment Tools Review" (PDF). U.S. Department of Homeland Security. Retrieved 14 September 2010.