elib
DLR-Header
DLR-Logo -> http://www.dlr.de
DLR Portal Home | Imprint | Privacy Policy | Contact | Deutsch
Fontsize: [-] Text [+]

A Static Analysis Platform for Investigating Security Trends in Repositories

Sonnekalb, Tim and Knaust, Christopher-Tobias and Gruner, Bernd and Brust, Clemens-Alexander and Heinze, Thomas S. and Kurnatowski, Lynn and Schreiber, Andreas and Mäder, Patrick (2023) A Static Analysis Platform for Investigating Security Trends in Repositories. In: 2023 IEEE/ACM 1st International Workshop on Software Vulnerability (SVM), pp. 1-5. 2023 IEEE/ACM 1st International Workshop on Software Vulnerability (SVM), Melbourne, Australia. doi: 10.1109/SVM59160.2023.00005.

[img] PDF
331kB

Official URL: https://ieeexplore.ieee.org/document/10190574

Abstract

Static analysis tools come in many forms and configurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc., and adapt to the specific requirements of a software project, thus reducing the number of false positives.The wide range of configuration options poses a hurdle in their use for software developers, as the tools cannot be deployed out-of-the-box. However, static analysis tools only develop their full benefit if they are integrated into the software development workflow and used on regular. Vulnerability management should be integrated via version history to identify hotspots, for example.We present an analysis platform that integrates several static analysis tools that enable Git-based repositories to continuously monitor warnings across their version history. The framework is easily extensible with other tools and programming languages. We provide a visualization component in the form of a dashboard to display security trends and hotspots. Our tool can also be used to create a database of security alerts at a scale well-suited for machine learning applications such as bug or vulnerability detection.

Item URL in elib:https://elib.dlr.de/196449/
Document Type:Conference or Workshop Item (Speech)
Title:A Static Analysis Platform for Investigating Security Trends in Repositories
Authors:
AuthorsInstitution or Email of AuthorsAuthor's ORCID iDORCID Put Code
Sonnekalb, TimUNSPECIFIEDhttps://orcid.org/0000-0002-0067-1790UNSPECIFIED
Knaust, Christopher-TobiasUNSPECIFIEDUNSPECIFIEDUNSPECIFIED
Gruner, BerndUNSPECIFIEDhttps://orcid.org/0000-0002-4177-2993140001307
Brust, Clemens-AlexanderUNSPECIFIEDhttps://orcid.org/0000-0001-5419-1998140001308
Heinze, Thomas S.UNSPECIFIEDUNSPECIFIEDUNSPECIFIED
Kurnatowski, LynnUNSPECIFIEDhttps://orcid.org/0000-0001-5144-702XUNSPECIFIED
Schreiber, AndreasUNSPECIFIEDhttps://orcid.org/0000-0001-5750-5649140001309
Mäder, PatrickUNSPECIFIEDhttps://orcid.org/0000-0001-6871-2707UNSPECIFIED
Date:27 July 2023
Journal or Publication Title:2023 IEEE/ACM 1st International Workshop on Software Vulnerability (SVM)
Refereed publication:Yes
Open Access:Yes
Gold Open Access:No
In SCOPUS:No
In ISI Web of Science:No
DOI:10.1109/SVM59160.2023.00005
Page Range:pp. 1-5
Status:Published
Keywords:static analysis, program analysis, security dashboard, software monitoring, vulnerability management
Event Title:2023 IEEE/ACM 1st International Workshop on Software Vulnerability (SVM)
Event Location:Melbourne, Australia
Event Type:international Conference
HGF - Research field:Aeronautics, Space and Transport
HGF - Program:Space
HGF - Program Themes:Space System Technology
DLR - Research area:Raumfahrt
DLR - Program:R SY - Space System Technology
DLR - Research theme (Project):R - Digital Transformation in Space [SY], R - Intelligent analysis and methods for safe software development
Location: Jena
Institutes and Institutions:Institute of Data Science > Data Acquisition and Mobilisation
Institute for Software Technology > Intelligent and Distributed Systems
Deposited By: Sonnekalb, Tim
Deposited On:07 Aug 2023 10:03
Last Modified:29 Oct 2023 12:42

Repository Staff Only: item control page

Browse
Search
Help & Contact
Information
electronic library is running on EPrints 3.3.12
Website and database design: Copyright © German Aerospace Center (DLR). All rights reserved.