Sonnekalb, Tim and Knaust, Christopher-Tobias and Gruner, Bernd and Brust, Clemens-Alexander and Heinze, Thomas S. and Kurnatowski, Lynn and Schreiber, Andreas and Mäder, Patrick (2023) A Static Analysis Platform for Investigating Security Trends in Repositories. In: 1st IEEE/ACM International Workshop on Software Vulnerability, SVM 2023, pp. 1-5. 2023 IEEE/ACM 1st International Workshop on Software Vulnerability (SVM), 2023-05-20, Melbourne, Australia. doi: 10.1109/SVM59160.2023.00005. ISBN 979-835030190-8.
Official URL: https://ieeexplore.ieee.org/document/10190574
Abstract
Static analysis tools come in many forms and configurations, allowing them to handle various tasks in a (secure) development process: code style linting, bug/vulnerability detection, verification, etc. They can also be adapted to the specific requirements of a software project, thus reducing the number of false positives. The wide range of configuration options poses a hurdle for software developers, as the tools cannot be deployed out of the box. However, static analysis tools only deliver their full benefit if they are integrated into the software development workflow and used regularly. Vulnerability management should be integrated with the version history, for example to identify hotspots. We present an analysis platform that integrates several static analysis tools and enables Git-based repositories to be continuously monitored for warnings across their version history. The framework is easily extensible with other tools and programming languages. We provide a visualization component in the form of a dashboard to display security trends and hotspots. Our tool can also be used to create a database of security alerts at a scale well suited for machine learning applications such as bug or vulnerability detection.
| Field | Value |
|---|---|
| Item URL in elib: | https://elib.dlr.de/196449/ |
| Document Type: | Conference or Workshop Item (Speech) |
| Title: | A Static Analysis Platform for Investigating Security Trends in Repositories |
| Authors: | Sonnekalb, Tim; Knaust, Christopher-Tobias; Gruner, Bernd; Brust, Clemens-Alexander; Heinze, Thomas S.; Kurnatowski, Lynn; Schreiber, Andreas; Mäder, Patrick |
| Date: | 27 July 2023 |
| Journal or Publication Title: | 1st IEEE/ACM International Workshop on Software Vulnerability, SVM 2023 |
| Refereed publication: | Yes |
| Open Access: | Yes |
| Gold Open Access: | No |
| In SCOPUS: | Yes |
| In ISI Web of Science: | Yes |
| DOI: | 10.1109/SVM59160.2023.00005 |
| Page Range: | pp. 1-5 |
| ISBN: | 979-835030190-8 |
| Status: | Published |
| Keywords: | static analysis, program analysis, security dashboard, software monitoring, vulnerability management |
| Event Title: | 2023 IEEE/ACM 1st International Workshop on Software Vulnerability (SVM) |
| Event Location: | Melbourne, Australia |
| Event Type: | International Conference |
| Event Date: | 20 May 2023 |
| HGF - Research field: | Aeronautics, Space and Transport |
| HGF - Program: | Space |
| HGF - Program Themes: | Space System Technology |
| DLR - Research area: | Space |
| DLR - Program: | R SY - Space System Technology |
| DLR - Research theme (Project): | R - Digital Transformation in Space [SY], R - Intelligent analysis and methods for safe software development |
| Location: | Jena |
| Institutes and Institutions: | Institute of Data Science > Data Acquisition and Mobilisation; Institute of Software Technology > Intelligent and Distributed Systems |
| Deposited By: | Sonnekalb, Tim |
| Deposited On: | 07 Aug 2023 10:03 |
| Last Modified: | 17 Oct 2024 08:18 |