OWASP Find Security Bugs



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

Description
Find Security Bugs is a SpotBugs plugin for security audits of Java web applications and Android applications. It can detect 128 different vulnerability types including Command Injection, XPath Injection, SQL/HQL Injection, XXE and Cryptography weaknesses. SpotBugs is a static analysis tool that targets Java but also works with Groovy, Scala and Kotlin projects.

Licensing
This software is released under LGPL.

Roadmap
Theses are the current priorities:
 * Release a new version every few months.
 * Improve the quality of the static analysis detectors
 * Continue working on finding new vulnerabilities ideas and implementing detectors if there is an opportunity.
 * Improving the documentation for new contributors.

Getting Involved
Involvement in the development and promotion of Find Security Bugs is actively encouraged!

You can contribute by :
 * Suggesting idea for new detectors that are not already cover.
 * Coding new detectors or modifying exist ones. See Good first issue on Github to get started
 * Reviewing the descriptions of the different vulnerabilities, the website or this page.

Project Sponsors
The project's development is support by GoSecure since 2016.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

Project Resources

 * Website
 * GitHub page
 * Release notes

Project Leader
Philippe Arteau

Related Projects

 * SpotBugs

Classifications

 * }