Tooling Recommendations for Secure Coding

Version: 2.0


Find Security Bugs [2], a FindBugs plugin, is the recommended tool for performing static security analysis.

WSO2 Document Reference

Further information on using OWASP Zed Attack Proxy (ZAP) with WSO2 recommended security policies is available in the Engineering Guidelines - Tooling - Static Code Analysis using FindSecurityBugs document.

OWASP Zed Attack Proxy (ZAP) [1] is the recommended tool for performing dynamic security analysis.

WSO2 Document Reference

Further information on using OWASP Zed Attack Proxy (ZAP) with WSO2 recommended security policies is available in the Engineering Guidelines - Tooling - Dynamic Analysis with OWASP ZAP document.

Dependency Vulnerability Analysis

OWASP Dependency Check [3] is the recommended tool for performing dependency vulnerability analysis.

WSO2 Document Reference

Further information on using OWASP Dependency Check is documented in the Engineering Guidelines - External Dependency Analysis using OWASP Dependency Check document.

References