Security Reviewer provides plugins for the following Integrated Development Environment (IDE) platforms:

Visual Studio

The Security Reviewer Visual Studio Extension scans source code written in C#, VB.NET, C/C++, VB 16- and 32-bit, ASP, ASPX, JavaScript, VBScript, HTML and SQL, directly from Visual Studio. The Visual Studio Code extension works with all supported programming languages.

Beyond source code, the Visual Studio plugins process all configuration files (XML, XSD, XPath, .cfg, .config, .ini, XAML, JSON, etc.), binaries (DLL, EXE, OCX, ActiveX) and libraries (64 of the most widely used .NET libraries and 52 of the most widely used JavaScript frameworks), detecting weaknesses hidden inside them and assessing potential vulnerabilities according to the OWASP, PCI-DSS, WASC, CVE, CVSS and CWE/SANS international standards.

Visual Studio Code 1.39 for Windows, Mac OS X and Linux; Visual Studio 6.0, 2003, 2005, 2008, 2010, 2012 and 2013 add-ins; and Visual Studio 2015, 2017, 2019 and 2022 extensions are available.

The analysis results are shown in the Security Reviewer View.

You can refresh the Security Reviewer View by pressing the refresh icon.

Visual Studio Code

The Static Reviewer Visual Studio Code plugin is a standard extension that lets you browse results directly from inside the IDE. You can navigate through the vulnerabilities found by the Security Reviewer Desktop, CLI, Team Reviewer, GitLab or Jenkins plugins.

This Extension provides:

  • Linking VSCode to Static Analysis results produced by the Jenkins and GitLab Static Reviewer plugins.

  • An interactive interface for viewing scan results in the Visual Studio Code environment.

  • You can edit the code while viewing the vulnerabilities at the locations indicated by the scan results, without needing to switch between applications.

  • The extension displays full paths with their intersections, rather than just the first and last elements of each vulnerability instance.

  • The extension highlights the elements where fixes can be most efficiently applied.

Eclipse, Rational RTC, RSA and RAD Studio

The Security Reviewer postSpy plugin for Eclipse, Rational RTC, RSA and RAD Studio shares the same interface and scans source code written in Java, JSP, JavaScript and SQL, directly from Eclipse, IBM Rapid Application Developer (RAD), IBM Rational Team Concert (RTC) and IBM Rational Software Architect (RSA). Beyond source code, the postSpy plugin processes all configuration files (XML, XSD, XPath, .cfg, .conf, .yml, JSON, etc.), binaries (JAR, WAR, EAR) and frameworks (115 of the most widely used Java frameworks and 52 of the most widely used JavaScript frameworks), detecting weaknesses hidden inside them and assessing potential vulnerabilities according to the OWASP, PCI-DSS, WASC, CVE, CVSS and CWE/SANS international standards.

postSpy is an open source project, published on GitHub.

Scanning

You can scan your source code directly inside Eclipse.

This invokes Static Reviewer Desktop either locally (requires Static Reviewer to be preinstalled) or remotely (requires Team Reviewer and the Static Server Plugin for Team Reviewer).

Once you have analyzed your application, the results are available directly in Eclipse through the Security Reviewer View.

Security Reviewer View

The analysis results are shown in the Security Reviewer View.

This plugin can import Micro Focus OpenText Fortify FPR files, which contain the Static Analysis results of a Fortify analysis, so that they can be compared with or integrated into Security Reviewer's results.

  • Listing the results of previously analyzed code and showing the issues in your IDE

  • Running a script that performs a local analysis to find issues in your local code

Software Composition Analysis IDE plugins

For Software Composition Analysis, source code matters only for scripting languages. All IDE extensions described above support Software Composition Analysis of the following languages:

  • JavaScript

  • TypeScript

  • Ruby

  • Groovy

  • Rust

  • PHP

  • Shell (ksh, csh, bash, sh and others)

  • PowerShell

  • Python

  • Lua

  • CoffeeScript

For other languages, library and framework issues are reported in the IDE plugins under OWASP A9 (Avoid Using Components with Known Vulnerabilities).
