How to Use YASCA Static Code Analysis Tool

How to Use YASCA Static Code Analysis Tool

How to use YASCA static code analysis tool Yasca which is an acronym for “Yet Another Source Code Analyzer” is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It leverages external open-source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS to scan specific file types. It also contains many custom scanners developed for Yasca. It is a command-line tool that generates reports in HTML, CSV, XML, MySQL, SQLite, and other formats. Languages Scanned with Yasca Yasca has at least one scanner for each of the following file types: DotNET (VB.NET, C#, ASP.NET), ASP, C/C++, COBOL, ColdFusion, CSS, HTML Java,JavaScript, Perl, PHP, Python, Raw HTTP Traffic, Visual Basic In this post we will be looking at how to install and use Yasca source code analyser. To understand more about source code analyzers click on this link to my previous post on Understanding Static Code Analysis Download Yasca fromhttps://sourceforge.net/projects/yasca/?source=typ_redirect Extract it to any location of your choice. In this post I will be using C:\YASCA © Assurecondo How to use YASCA static code analysis tool How to use YASCA static code analysis tool You will need to download the following 11 plugins1. yasca-2.1-jlint.zip2. yasca-2.1- javascriptlint.zip3. yasca-2.1-fxcop.zip4. yasca-2.1-findbugs.zip5. yasca-2.1- rats.zip6. yasca-2.1-pmd.zip7. yasca-2.1-findbugs-plugin.zip8. yasca-2.1- pixy.zip9. yasca-2.1-phplint.zip10. yasca-2.1-cppcheck.zip11. yasca-2.1-clamav.zip This can be downloaded from the following links:https://sourceforge.net/projects/yasca/files/Yasca%202.x/Yasca%202.1/ Create a folder called STATIC_TOOLS and unzip the downloads into it. For this post, I will create my STATIC_TOOLS folder in my C:\YASCA directory. My final location for the static_tools folder is C:\YASCA\Static_tools\ Please note that all your plugins must be extracted to this location as we will point the Yasca engine to pick the plugins from this location. Using YASCA Usage is through command prompt as usual. I will guide you carefully. Now that we have already extracted our plugins to our desired location we can begin. We need to first of all point the YASCA engine to the location of the plugins to be used for the source code scan. This is done with the following commands set SA_HOME=C:\YASCA\Static_tools\ © Assurecondo How to use YASCA static code analysis tool How to use YASCA static code analysis tool The Yasca installation file has test source code that can be used for training which can be located atresources\test in mine the location isC:\YASCA\resources\test Now run the following command to perform the source code scan yasca C:\YASCA\resources\test © Assurecondo How to use YASCA static code analysis tool How to use YASCA static code analysis tool Result of the source code scan will be reported in the directory given after the entire scan as can be seen in the highlighted part of the screen shot This is a screen shot of my results Open the HTML file and you will have a detailed report of the source code analysis © Assurecondo How to use YASCA static code analysis tool How to use YASCA static code analysis tool The coloured square dots are descriptive and can be clicked on. Please see the screen shot for what they stand for: And that’s how to use YASCA. I hope you enjoyed this post and also hope it was value adding. I would appreciate your comments or contributions © Assurecondo How to use YASCA static code analysis tool.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    5 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us