Skip to content
/ SCALe Public

SCALe (Source Code Analysis Lab) is a static analysis aggregator/correlator which enables a source code analyst to combine static analysis results from multiple tools into one interface, and also provides mappings for diagnostics from the tools to the SEI CERT Secure Coding standards.

280 stars 59 forks Branches Tags Activity
Star
Notifications

cmu-sei/SCALe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits

scale.app

scale.app

 
 

ABOUT

ABOUT

 
 

COPYRIGHT

COPYRIGHT

 
 

README.md

README.md

 
 

Repository files navigation

Source Code Analysis Lab (SCALe)

Copyright (c) 2007-2018 Carnegie Mellon University. All Rights Reserved. See the ./COPYRIGHT file for details.

Installation Instructions (VM)

If the SCALe web app is provided via a virtual machine (VM), then the SCALe app will be configured to run automatically when the machine boots.

Installation Instructions (Zip)

If the SCALe web app is provided via a zip archive, it is referred to as <scale_webapp_archive>.zip below. This archive should be extracted on your web app server in a location of your choosing.

We will refer to this location as SCALE_HOME. You may find it useful to define this environment variable in your system to point to the root of your SCALe installation.

If the zip is downloaded from Github, the scale.app folder will be inside another folder like "SCALe-Master". In this case, SCALe-Master would be the location of SCALE_HOME.

Extracting the archive might look something like this:

export SCALE_HOME="/location/of/SCALe/install"
mkdir -p $SCALE_HOME
cd $SCALE_HOME
unzip /location/of/<scale_webapp_archive>.zip

Use the instructions for installing and managing SCALe by opening the following file in a web browser:

$SCALE_HOME/scale.app/public/doc/index.html

If you are running the offline version, the SEI CERT Coding rules and the Common Weakness Enumeration (CWEs) that accompany the distribution may not be up-to-date. The current version of the SEI CERT Coding rules are available online at: https://securecoding.cert.org The current version of the CWEs is available at: https://cwe.mitre.org/

Relevant Known Issues

  • During the quick start demonstration, the following superfluous error is generated in the web app console: ".../scale.app/archive/backup/6/analysis/...out: no such file or directory".

  • The digest_diagnostics script does not follow symlinks in source directories.

  • The pathnames in Rosecheckers output are incorrect when executed on a project that compiles files outside of the directories they live in. This affects the web app's ability to display the source code associated with a diagnostic.

  • Some of the links in the exported secure coding rule documentation point to online pages, and will fail on a machine with no Internet connection.

Support

Questions and comments can be sent to info@sei.cmu.edu.

About

SCALe (Source Code Analysis Lab) is a static analysis aggregator/correlator which enables a source code analyst to combine static analysis results from multiple tools into one interface, and also provides mappings for diagnostics from the tools to the SEI CERT Secure Coding standards.

Resources

Readme
Activity
Custom properties

Stars

280 stars

Watchers

35 watching

Forks

59 forks
Report repository

Releases 3

SCALe 2.1.5.1 Latest
Nov 14, 2019
+ 2 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages