Can anyone explain this package say other providers? #267
Replies: 2 comments
Basically, it is a local-only tool, unless you go with Github Advanced Security and use SARIF export. I even wrote an article; feel free to check https://dev.to/dbalikhin/a-quick-comparison-of-security-static-code-analyzers-for-c-2l5h
This is sparta :) Just skimmed through the article. As for pvs-studio...
Doesn't https://pvs-studio.com/en/blog/posts/0457/ work anymore?
On Sat, Nov 26, 2022, 00:24 Dmitry ***@***.***> wrote:

Basically, it is a local-only tool, unless you go with Github Advanced Security and use SARIF export.

This means it can scan quite well, but it doesn't have a user-friendly way to set a scanning policy (rules), mark it as a false positive, review findings, branch analysis on its own, etc. You can try to cover these items with suppression, e.g. with EditorConfig.

Sonar Community Edition doesn't support taint analysis but is more suitable for teamwork and collaboration. Sonar Dev supports taint analysis on the server side, not in your IDE - you will have to fetch scan results from the server.

I even wrote an article; feel free to check https://dev.to/dbalikhin/a-quick-comparison-of-security-static-code-analyzers-for-c-2l5h
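As an added illustration of the EditorConfig suppression approach Dmitry mentions (this is not code from the thread or from the security-code-scan project): security-code-scan is a Roslyn analyzer, and Roslyn reads per-rule severities from `.editorconfig` through the `dotnet_diagnostic.<RuleId>.severity` key, while the section globs let you relax a rule for one path such as test code instead of disabling it for the whole solution. `SCS0000` is a placeholder rule ID here; substitute the ID reported in the actual finding.

```ini
# .editorconfig at the repository root (added example; SCS0000 is a placeholder rule ID)
root = true

# Default policy for all C# sources: every analyzer finding surfaces as a warning
[*.cs]
dotnet_analyzer_diagnostic.severity = warning

# Project-wide policy decision: one specific rule is escalated so the build fails on it
dotnet_diagnostic.SCS0000.severity = error

# Narrow suppression for a reviewed false positive: scoped to test code by path glob,
# so the rule keeps firing in production code
[tests/**/*.cs]
dotnet_diagnostic.SCS0000.severity = none
```

Because later sections override earlier ones, the `[tests/**/*.cs]` block only relaxes the rule under that path. The same file is honoured by the IDE analysis and by `dotnet build`, so the rule policy travels with the repository, which is the closest a local-only analyzer gets to the server-side rule management Sonar provides.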
I am trying to gauge whether to pay or not for security scanning software. This package seems to cover a lot of items. How does this stack up compared to Sonar/Puma etc.? I am happy to go with something like this that covers most angles if the other providers just cover more languages.