
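Search results for "Static analysis": 1 - 19 of 19

Because the tag search returned few matching results, title search results are shown instead.

There are 19 entries related to "Static analysis". Related tags include security, python, and セキュリティ (security). Popular entries include "Pysa: An open source static analysis tool to detect and prevent security issues in Python code".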
  • Pysa: An open source static analysis tool to detect and prevent security issues in Python code

    Pysa: An open source static analysis tool to detect and prevent security issues in Python code Today, we are sharing details about Pysa, an open source static analysis tool we’ve built to detect and prevent security and privacy issues in Python code. Last year, we shared how we built Zoncolan, a static analysis tool that helps us analyze more than 100 million lines of Hack code and has helped engi

    • GitHub - semgrep/semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

      This repository contains the source code for Semgrep OSS (open-source software). Semgrep OSS is a fast, open-source, static analysis tool for searching code, finding bugs, and enforcing code standards at editor, commit, and CI time. Semgrep is a semantic grep for code: where grep "2" would only match the exact string 2, Semgrep would match x = 1; y = x + 1 when searching for 2. And it does this in

      • GitHub - microsoft/ApplicationInspector: A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scannin

        Microsoft Application Inspector is a software source code characterization tool that helps identify coding features of first or third party software components based on well-known library/API calls and is helpful in security and non-security use cases. It uses hundreds of rules and regex patterns to surface interesting characteristics of source code to aid in determining what the software is or wh

        • GitHub - praetorian-inc/gokart: A static analysis tool for securing Go code

          • Static Analysis at Scale: An Instagram Story

            Instagram Server is entirely Python powered. Well, mostly. There’s also some Cython, and our dependencies include a fair amount of C++ code exposed to Python as C extensions. Our server app is a monolith, one big codebase of several million lines and a few thousand Django endpoints [1], all loaded up and served together. A few services have been split out of the monolith, but we don’t have any pla

            • GitHub - kaleidawave/ezno: A JavaScript compiler and TypeScript checker written in Rust with a focus on static analysis and runtime performance

              What Ezno is A type checker for JavaScript usable through a CLI (with a LSP also in the works) A high level library that allows type checking to be added to other tools! Checks programs with guaranteed type safety (no runtime TypeErrors) (as long as definitions are sound) Types aimed at soundness and tracing for better static analysis A imperative type system that tracks and evaluates the side eff

              • GitHub - dsherret/ts-morph: TypeScript Compiler API wrapper for static analysis and programmatic code changes.

                • Zoncolan: How Facebook uses static analysis to detect and prevent security issues

                  Zoncolan: How Facebook uses static analysis to detect and prevent security issues Facebook’s web codebase currently contains more than 100 million lines of Hack code, and changes thousands of times per day. To handle the sheer volume of code, we build sophisticated systems that help our security engineers review code. Today, we are sharing the details of one of those tools, called Zoncolan, for th

                  • Improvements to static analysis in the GCC 14 compiler | Red Hat Developer

                    I work at Red Hat on GCC, the GNU Compiler Collection. For the last five releases of GCC, I've been working on -fanalyzer, a static analysis pass that tries to identify various problems at compile-time, rather than at runtime. It performs "symbolic execution" of C source code—effectively simulating the behavior of the code along the various possible paths of execution through it. This article summ

                    • Psalm - a static analysis tool for PHP

                      Give PHP the love it deserves It’s easy to make great things in PHP, but bugs can creep in just as easily. Psalm is a free & open-source static analysis tool that helps you identify problems in your code, so you can sleep a little better. Psalm helps people maintain a wide variety of codebases – large and small, ancient and modern. On its strictest setting it can help you prevent almost all type-r

                      • Enabling static analysis of SQL queries at Meta

                        UPM is our internal standalone library to perform static analysis of SQL code and enhance SQL authoring. UPM takes SQL code as input and represents it as a data structure called a semantic tree. Infrastructure teams at Meta leverage UPM to build SQL linters, catch user mistakes in SQL code, and perform data lineage analysis at scale. Executing SQL queries against our data warehouse is important to

                        • A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI

                          Different security issues are a common problem for open source packages archived to and delivered through software ecosystems. These often manifest themselves as software weaknesses that may lead to concrete software vulnerabilities. This paper examines various security issues in Python packages with static analysis. The dataset is based on a snapshot of all packages stored to the Python Package I

                          • Static analysis in GCC 10 | Red Hat Developer

                            • GitHub - SourceCode-AI/aura: Python source code auditing and static analysis on a large scale

                              Aura is a static analysis framework developed as a response to the ever-increasing threat of malicious packages and vulnerable code published on PyPI. Project goals: provide an automated monitoring system over uploaded packages to PyPI, alert on anomalies that can either indicate an ongoing attack or vulnerabilities in the code enable an organization to conduct automated security audits of the sou

                              • 静的解析の育て方 / How to make your static analysis strong

                                Presentation slides from #PHPerKaigi 2020. https://fortee.jp/phperkaigi-2020/proposal/8f41e23f-69ef-4f93-8625-db64be39248f

                                • The state of static analysis in the GCC 12 compiler | Red Hat Developer

                                  Building a static analyzer into the C compiler offers several advantages over having a separate tool, because the analyzer can track what the compiler and assembler are doing intimately. As a Red Hat employee, I work on GCC, the GNU Compiler Collection. Our static analyzer is still experimental but is making big strides in interesting areas, including a taint mode and an understanding of assembly-

                                  • Semgrep: a static analysis journey

                                    Semgrep Code: Find and fix issues that matter in your code (SAST)

                                    • Starting static analysis with Go

                                      Slides used in a session at Go Conference 2021 Autumn. - Session details: https://gocon.jp/2021autumn/sessions/go-static-analysis/ - Presenter: https://twitter.com/d_tutuz If there are any errors in the slides, please contact me on Twitter.

                                      • Early Access Program for Qodana, a New Static Analysis and Quality Management Tool by JetBrains, Is Open | The PhpStorm Blog

                                        Early Access Program for Qodana, a New Static Analysis and Quality Management Tool by JetBrains, Is Open “We must run as fast as we can, just to stay in place” – Lewis Carroll Qodana is a new product from JetBrains that brings the “smarts” of JetBrains IDEs directly into your CI Pipeline. PhpStorm and our other JetBrains IDEs are renowned for their ability to understand your code. They can track d
