There are tools like Fortify available which can be integrated with an IDE to scan the source code for security vulnerabilities. But what I expect is a plugin for an IDE like Eclipse which checks for vulnerabilities while the code is being typed (probably, in the case of a Java program, it should check for vulnerabilities at every semicolon (;)). It would be great if the tool recommended a fix on the go, so that the developer can fix the vulnerabilities just as they fix compilation issues in Eclipse. This would really reduce developers' time a lot, compared to running a full scan of the code, checking the vulnerabilities, fixing those and scanning the entire code base again.

Is there any such product available in the market already? If not, is it feasible to develop such a thing?

Thanks, Barani.
A: 

FindBugs can perhaps be made to work in a similar manner; I have set it to run every time I compile a new file, and it warns about some interesting potential bugs. The only plugin I know of that runs as you type is Checkstyle, so maybe there's a similar plugin that checks for security vulnerabilities?

Stefan Thyberg
A: 

You can also check out Ounce Labs and Coverity...

jm04469
I think Ounce Labs, Coverity and FindBugs do a full scan of the code. But what I am looking for is a plugin which works similarly to WinWord, which does a spell check while you type. Just on typing a line of code in the IDE, the plugin should check for possible vulnerabilities in that line and alert the user. This is similar to Eclipse's built-in compiler, which checks code correctness and alerts the user for each and every line he/she types.
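As an added illustration of the per-semicolon check the question and the comment above describe (this is example code written for this page, not code from Fortify, FindBugs, Checkstyle or any other tool named here), the prototype below checks each Java statement against a constructed rule set, recommends a fix, and shows the main reason such a check is harder than a spell check: the same bug spread over two statements has nothing for a statement-local rule to match.

```python
import re

# Constructed rule set for this example: each rule is a regex over ONE Java
# statement plus the fix it would recommend, mirroring the "check at every
# semicolon and suggest a fix" idea from the question. Not any product's rules.
RULES = [
    (re.compile(r'\.execute(Query|Update)?\s*\(\s*"[^"]*"\s*\+'),
     "SQL query built by string concatenation",
     "Use PreparedStatement with '?' placeholders and setXxx() binding"),
    (re.compile(r'Runtime\.getRuntime\(\)\.exec\s*\(.*\+'),
     "OS command built by string concatenation",
     "Use ProcessBuilder with a fixed argument list"),
    (re.compile(r'\bnew\s+Random\s*\('),
     "java.util.Random is not cryptographically secure",
     "Use java.security.SecureRandom for tokens, keys and nonces"),
]

def split_statements(java_source):
    """Split source into statements at ';' (naive: ignores ';' inside literals)."""
    return [s.strip() for s in java_source.split(';') if s.strip()]

def check_statement(statement):
    """Check a single statement; returns [(issue, recommended_fix), ...]."""
    return [(issue, fix) for pattern, issue, fix in RULES if pattern.search(statement)]

def check_source(java_source):
    """Run the per-statement check over whole source, like an as-you-type pass."""
    findings = []
    for idx, statement in enumerate(split_statements(java_source)):
        for issue, fix in check_statement(statement):
            findings.append((idx, issue, fix))
    return findings

# Constructed Java fragment: concatenation and execution in one statement,
# so the statement-local rule catches it.
INLINE = 'ResultSet rs = st.executeQuery("SELECT * FROM users WHERE id = " + userId);'

# Same vulnerability spread over two statements: the concatenation happens in
# one statement and the execution in the next, so a purely statement-local
# check has nothing to match. Catching this needs data flow across statements.
SPLIT = ('String q = "SELECT * FROM users WHERE id = " + userId;\n'
         'ResultSet rs = st.executeQuery(q);')

if __name__ == "__main__":
    for idx, issue, fix in check_source(INLINE):
        print(f"statement {idx}: {issue} -> {fix}")
    print("findings in split form:", check_source(SPLIT))  # []
```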