A Static Analysis Platform for Investigating Security Trends in Repositories


Detailed description

Bibliographic details
Main authors: Sonnekalb, Tim, Knaust, Christopher-Tobias, Gruner, Bernd, Brust, Clemens-Alexander, von Kurnatowski, Lynn, Schreiber, Andreas, Heinze, Thomas S, Mäder, Patrick
Format: Article
Language: eng
Subjects:
Online access: Order full text
description Static analysis tools come in many forms and configurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and to adapt to the specific requirements of a software project, thus reducing the number of false positives. The wide range of configuration options poses a hurdle to their use by software developers, as the tools cannot be deployed out-of-the-box. However, static analysis tools only develop their full benefit if they are integrated into the software development workflow and used regularly. Vulnerability management should be integrated via version history to identify hotspots, for example. We present an analysis platform that integrates several static analysis tools, enabling Git-based repositories to continuously monitor warnings across their version history. The framework is easily extensible with other tools and programming languages. We provide a visualization component in the form of a dashboard to display security trends and hotspots. Our tool can also be used to create a database of security alerts at a scale well-suited for machine learning applications such as bug or vulnerability detection.
doi_str_mv 10.48550/arxiv.2304.01725
format Article
identifier DOI: 10.48550/arxiv.2304.01725
source arXiv.org
subjects Computer Science - Software Engineering