Difference between revisions of "Category:OWASP Yasca Project Roadmap"

From OWASP
(New page: Michael: Please fill in here with the Project's Roadmap.)
 
(Initial Submission)
Line 1: Line 1:
Michael: Please fill in here with the Project's Roadmap.
+
=== The Goal of Yasca ===
 +
The primary goal of Yasca is to assist '''developers''' in performing a '''security-oriented code review'''. This is accomplished through the following main features:
 +
* an extensible architecture that other products can be integrated into,
 +
* a single view of all results, with details down to the line of code (where possible), and
 +
* a growing set of "open source" rules that anyone can add to.
 +
 
 +
A secondary goal is to support both the open source and enterprise development communities by delivering a high-quality product that can be relied upon and extended to meet evolving needs.
 +
 
 +
=== The Roadmap ===
 +
 
 +
==== Version 1.0 ====
 +
 
 +
The initial public release of Yasca was made available in October 2008. It offered integration with PMD, FindBugs, J-Lint, and antiC, as well as a limited set of custom rules and report generators.
 +
 
 +
==== Version 1.1 ====
 +
 
 +
This version is expected to be released in January 2009, and to offer the following changes:
 +
* Update of all integrated components
 +
** PMD to version 4.2.4
 +
** FindBugs to version 1.3.6
 +
** PHP to version 5.2.8
 +
* Addition of new custom rules
 +
* Better error handling
 +
** Automatic disabling of certain plugins based on the type of project (i.e. don't use PMD to scan C only projects)
 +
 
 +
==== Version 2.0 ====
 +
 
 +
While no decisions have been finalized, some ideas for consideration include:
 +
* Integration of OunceOpen tools
 +
* Integration of other OWASP projects ([[:Category:OWASP_Open_Review_Project|Open Review]], [[:Category:OWASP_Code_Review_Project|Code Review]], and [[:Category:OWASP_Orizon_Project|Orizon]])
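Review bot: In the Version 1.1 "Better error handling" item, the parenthetical "(i.e. don't use PMD to scan C only projects)" gives one instance of plugin disabling rather than a restatement of it, so "e.g." is the correct abbreviation, and "C only" should be hyphenated as "C-only". In the same section, the "Update of all integrated components" list names "PHP to version 5.2.8", while the Version 1.0 paragraph lists only PMD, FindBugs, J-Lint, and antiC as integrations; a short phrase saying what role PHP plays would make the two sections consistent.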

Revision as of 10:22, 13 December 2008

The Goal of Yasca

The primary goal of Yasca is to assist developers in performing a security-oriented code review. This is accomplished through the following main features:

  • an extensible architecture that other products can be integrated into,
  • a single view of all results, with details down to the line of code (where possible), and
  • a growing set of "open source" rules that anyone can add to.

A secondary goal is to support both the open source and enterprise development communities by delivering a high-quality product that can be relied upon and extended to meet evolving needs.

The Roadmap

Version 1.0

The initial public release of Yasca was made available in October 2008. It offered integration with PMD, FindBugs, J-Lint, and antiC, as well as a limited set of custom rules and report generators.

Version 1.1

This version is expected to be released in January 2009, and to offer the following changes:

  • Update of all integrated components
    • PMD to version 4.2.4
    • FindBugs to version 1.3.6
    • PHP to version 5.2.8
  • Addition of new custom rules
  • Better error handling
    • Automatic disabling of certain plugins based on the type of project (e.g. don't use PMD to scan C-only projects)

Version 2.0

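While no decisions have been finalized, some ideas for consideration include:

  • Integration of OunceOpen tools
  • Integration of other OWASP projects (Open Review, Code Review, and Orizon)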
