Friday 12 October 2012

First video of Eclipse's real-time static analysis plugin for Java security

Diarmaid McManus has recently published a video of his Eclipse real-time static analysis plugin for Java security.

Here is the video of it in action (showing an error on a StackTrace information disclosure issue)



This is a great step in the right direction, and after seeing it, I have a couple of questions:

  • Is the code released under an Open Source license?
  • Where can I download it?
  • Where are the rules?
  • What is the engine used?
  • What are the APIs used to add/remove items from the 'Problems' tab?
  • How can I integrate this with O2?
  • How can I show TeamMentor Guidance for the issues identified?
  • Can this be consumed outside Eclipse? (ideally as a stand-alone application)