OWASP Find Security Bugs



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Description
Find Security Bugs is a SpotBugs plugin for security audits of Java web applications and Android applications. It can detect 128 different vulnerability types including Command Injection, XPath Injection, SQL/HQL Injection, XXE and Cryptography weaknesses. SpotBugs is a static analysis tool that targets Java but also works with Groovy, Scala and Kotlin projects.

Licensing
This software is released under LGPL.

Roadmap
Theses are the current priorities:
 * Release a new version every few months.
 * Improve the quality of the static analysis detectors
 * Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity.
 * Improving the documentation for new contributors.

The complete roadmap is kept up to date on GitHub in the milestones section.

Getting Involved
Involvement in the development and promotion of Find Security Bugs is actively encouraged!

You can contribute by :
 * Suggesting ideas for new detectors that are not already covered.
 * Coding new detectors or modifying exist ones. See Good first issue on Github to get started
 * Reviewing the descriptions of the different vulnerabilities, the website or this page.

Project Sponsors
The project's development is supported by GoSecure since 2016.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources

 * Website
 * GitHub page
 * Release notes

Project Leader
Philippe Arteau

Related Projects

 * SpotBugs

Classifications

 * }