Tooling Recommendations for Secure Coding
Version: 2.0
Security Related Static Code Analysis
Find Security Bugs [2], a plugin for FindBugs (and its successor SpotBugs), is the recommended tool for performing static security analysis. It analyses compiled bytecode rather than source, so it runs after compilation as a build step.
WSO2 Document Reference
Further information on using Find Security Bugs is available in the Engineering Guidelines - Tooling - Static Code Analysis using FindSecurityBugs document.
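As an added example (not code or configuration from this page or from the WSO2 guideline it references), the following script runs Find Security Bugs from the command line with an include filter that limits the report to the SECURITY bug category and a non-zero exit status when anything is found. It assumes SpotBugs is installed as `spotbugs`, that the `findsecbugs-plugin` jar has been downloaded, and that compiled classes sit under `target/classes`; the paths and the plugin version in the usage line are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not WSO2's own tooling or configuration): run Find Security Bugs
# from the command line against compiled classes and report only the SECURITY
# category.  Assumptions not stated on the page: SpotBugs is installed as
# `spotbugs`, the findsecbugs-plugin jar has been downloaded, and the classes
# to analyse are under target/classes.
set -eu

# Write a SpotBugs include filter that keeps only the SECURITY bug category, so
# ordinary code-quality findings do not drown out the security ones.
write_security_filter() {
  local out="$1"
  cat > "$out" <<'EOF'
<FindBugsFilter>
  <Match>
    <Bug category="SECURITY"/>
  </Match>
</FindBugsFilter>
EOF
  printf '%s\n' "$out"
}

# Run SpotBugs with the Find Security Bugs plugin loaded.  -effort:max and -low
# make the analysis as thorough as possible and report every confidence level;
# -exitcode turns findings into a non-zero exit status so CI fails the build.
run_findsecbugs() {
  local plugin_jar="$1" classes_dir="$2" report="$3" filter
  mkdir -p "$(dirname "$report")"
  filter="$(write_security_filter "$(dirname "$report")/spotbugs-security-include.xml")"
  spotbugs -textui \
    -effort:max -low \
    -pluginList "$plugin_jar" \
    -include "$filter" \
    -xml:withMessages -output "$report" \
    -exitcode \
    "$classes_dir"
}

# Count findings in a SpotBugs XML report: one <BugInstance> element each.
count_findings() {
  grep -c '<BugInstance ' "$1" || true
}

# Usage (not run here; plugin version and paths are placeholders):
#   run_findsecbugs findsecbugs-plugin-1.12.0.jar target/classes build/findsecbugs.xml
```

Keeping the include filter in version control alongside the build makes the scope of the scan reviewable; a widening of the filter or a dropped `-exitcode` then shows up in code review rather than silently weakening the gate.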
Security Related Dynamic Analysis
OWASP Zed Attack Proxy (ZAP) [1] is the recommended tool for performing dynamic security analysis. Its active scan sends attack payloads to the target, so run it only against a dedicated test deployment, never against production or shared environments.
WSO2 Document Reference
Further information on using OWASP Zed Attack Proxy (ZAP) with the WSO2 recommended security policies is available in the Engineering Guidelines - Tooling - Dynamic Analysis with OWASP ZAP document.
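As an added example (not code from this page, and not the WSO2 recommended policy), the script below runs the ZAP baseline scan from the official Docker image with an explicit rule policy that decides which passive-scan findings fail the pipeline. It assumes Docker is available, that the target URL is reachable from the container, and that the work directory passed in is an absolute path; the FAIL/WARN/IGNORE choices in the policy are a constructed illustration.

```shell
#!/usr/bin/env bash
# Added example (not WSO2's recommended policy or tooling): run the ZAP baseline
# scan (spider plus passive scan, no attack payloads) from the official Docker
# image with an explicit rule policy.  Assumptions not stated on the page:
# Docker is available and the target URL is reachable from the container.
set -eu

# Write a baseline rule policy.  One rule per line, tab-separated:
# <rule id>  <IGNORE|WARN|FAIL>  <comment>.  Unlisted rules keep the default
# (WARN).  The ids are ZAP passive-scan rule ids; the FAIL/WARN/IGNORE choices
# are a constructed example, not WSO2's policy.
write_zap_policy() {
  local out="$1"
  printf '%s\t%s\t%s\n' \
    10020 FAIL   '(Anti-clickjacking header missing)' \
    10021 FAIL   '(X-Content-Type-Options header missing)' \
    10035 FAIL   '(Strict-Transport-Security header missing)' \
    10038 WARN   '(Content-Security-Policy header missing)' \
    10202 WARN   '(Absence of anti-CSRF tokens)' \
    10096 IGNORE '(Timestamp disclosure: noisy, reviewed by hand)' \
    > "$out"
  printf '%s\n' "$out"
}

# Run zap-baseline.py.  The work directory (absolute path) is mounted at
# /zap/wrk so the policy file goes in and the HTML report comes out.  -m bounds
# the spider to 5 minutes.  Exit status: 0 pass, 1 at least one FAIL,
# 2 at least one WARN, 3 scan error.
run_zap_baseline() {
  local target="$1" workdir="$2"
  mkdir -p "$workdir"
  write_zap_policy "$workdir/zap-rules.tsv" > /dev/null
  docker run --rm -v "$workdir":/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable \
    zap-baseline.py -t "$target" -c zap-rules.tsv -r zap-report.html -m 5
}

# Look up the action the policy assigns to a rule id ("WARN" when unlisted),
# useful when deciding whether a pipeline result should block a merge.
policy_action() {
  local policy="$1" id="$2" action
  action="$(awk -F'\t' -v id="$id" '$1 == id { print $2 }' "$policy")"
  printf '%s\n' "${action:-WARN}"
}

# Usage (not run here; host name is a placeholder):
#   run_zap_baseline https://staging.example.test "$PWD/zap-work"
```

The baseline scan is passive and safe to point at a running test environment; the full active scan (`zap-full-scan.py` in the same image) is the one that injects payloads and needs the isolated target described above.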
Dependency Vulnerability Analysis
OWASP Dependency-Check [3] is the recommended tool for performing dependency vulnerability analysis. It identifies third-party libraries and matches them against the National Vulnerability Database, so expect some false positives that need triage and record accepted ones in a reviewed suppression file rather than disabling checks.
WSO2 Document Reference
Further information on using OWASP Dependency-Check is available in the Engineering Guidelines - External Dependency Analysis using OWASP Dependency Check document.
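As an added example (not code or configuration from this page or the WSO2 guideline it references), the script below runs the Dependency-Check CLI over a build's output with a CVSS-based build gate and a scoped suppression file for findings that have been reviewed. It assumes `dependency-check.sh` from the CLI distribution is on `PATH` and that the artifacts to scan are under `target/`; the package URL and the CVE id in the suppression entry are placeholders, not real findings.

```shell
#!/usr/bin/env bash
# Added example (not WSO2's own tooling or configuration): run the OWASP
# Dependency-Check CLI over a build's output, fail the build on high-severity
# findings, and keep reviewed false positives in a suppression file.
# Assumptions not stated on the page: dependency-check.sh (the CLI
# distribution) is on PATH, and the artifacts to scan are under target/.
set -eu

# A suppression file records findings that were reviewed and accepted.  Scope
# each entry to one package (packageUrl) and one CVE, and give it an expiry so
# it is revisited.  The entry below is a constructed placeholder (the package
# and CVE-0000-0000 are not real), not a real finding.
write_suppressions() {
  local out="$1"
  cat > "$out" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
  <suppress until="2026-01-31Z">
    <notes>Placeholder: vulnerable code path not reachable in this deployment (reviewed).</notes>
    <packageUrl regex="true">^pkg:maven/org\.example/example\-lib@.*$</packageUrl>
    <cve>CVE-0000-0000</cve>
  </suppress>
</suppressions>
EOF
  printf '%s\n' "$out"
}

# Run the scan.  --failOnCVSS 7 makes the CLI exit non-zero when any finding
# has a CVSS score of 7.0 or above (High/Critical).  HTML is for people, JSON
# for pipelines.  An NVD API key is optional but makes the NVD data update
# far faster; it is passed only when the NVD_API_KEY environment variable is set.
run_dependency_check() {
  local project="$1" scan_dir="$2" report_dir="$3" suppressions
  mkdir -p "$report_dir"
  suppressions="$(write_suppressions "$report_dir/dependency-check-suppressions.xml")"
  dependency-check.sh \
    --project "$project" \
    --scan "$scan_dir" \
    --suppression "$suppressions" \
    --failOnCVSS 7 \
    --format HTML --format JSON \
    --out "$report_dir" \
    ${NVD_API_KEY:+--nvdApiKey "$NVD_API_KEY"}
}

# Usage (not run here; project name and paths are placeholders):
#   run_dependency_check my-service target build/dependency-check
```

Suppressions with an `until` date expire on their own, which forces the accepted risk to be re-examined instead of living on indefinitely after the library or the deployment has changed.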