{"id":3886,"date":"2015-03-24T01:50:19","date_gmt":"2015-03-23T17:50:19","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3886"},"modified":"2015-09-09T19:36:39","modified_gmt":"2015-09-09T11:36:39","slug":"yasca-multi-language-static-analysis-toolset","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/03\/yasca-multi-language-static-analysis-toolset\/","title":{"rendered":"Yasca &#8211; Multi-Language Static Analysis Toolset"},"content":{"rendered":"<p>Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It&#8217;s basically a tool-kit for multi-language static analysis.<\/p>\n<p>Yasca can scan source code written in Java, C\/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages<\/p>\n<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/farm8.staticflickr.com\/7639\/16881888716_5f47a8c573.jpg\" alt=\"Yasca - Multi-Language Static Analysis Toolset\" \/><\/p>\n<p>It leverages on external open source programs, such as:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2006\/10\/findbugs%e2%84%a2-find-bugs-in-java-programs\/\">FindBugs<\/a><\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2006\/10\/pmd-java-source-code-scanner\/\">PMD<\/a><\/li>\n<li>JLint<\/li>\n<li>JavaScript Lint<\/li>\n<li>PHPLint<\/li>\n<li>CppCheck<\/li>\n<li>ClamAV<\/li>\n<li><a href=\"https:\/\/www.darknet.org.uk\/2009\/11\/rats-rough-auditing-tool-for-security\/\">RATS<\/a><\/li>\n<li>Pixy<\/li>\n<\/ul>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-3033787195489589\"\r\n     crossorigin=\"anonymous\"><\/script>\r\n<!-- Darknet Responsive Post Ad Links [previously link ad unit] -->\r\n<ins class=\"adsbygoogle\"\r\n     style=\"display:block\"\r\n     data-ad-client=\"ca-pub-3033787195489589\"\r\n     data-ad-slot=\"5456620019\"\r\n     data-ad-format=\"auto\"><\/ins>\r\n<script>\r\n     (adsbygoogle = window.adsbygoogle || []).push({});\r\n<\/script>\n<p>Yasca can be used to scan specific file types, and also contains many custom scanners developed just for it. It is a command-line tool that generates reports in HTML, CSV, XML, SQLite, and other formats. Yasca is easily extensible via a plugin-based architecture, so scanning any particular file is as simple as coming up with the rules or integrating external tools. Yasca also features a simple regular-expression plugin that allows new rules to be written in less than a minute.<\/p>\n<p>Yasca is written in command-line PHP and released under the BSD license.<\/p>\n<h3>Usage<\/h3>\n<pre>\r\nUsage: yasca [options] directory\r\nPerform analysis of program source code.\r\n\r\n\t\t--debug additional debugging\r\n\t-h, --help show this help\r\n\t-i, --ignore-ext EXT,EXT ignore these file extensions\r\n\t\t\t\t\t\t\t(default: exe,zip,jpg,gif,png,pdf,class)\r\n\t\t--ignore-file FILE ignore findings from the specified xml file\r\n\t\t--source-required only show findings that have source code available\r\n\t-f, --fixes FILE include fixes, written to FILE (default: not included)\r\n\t\t\t\t\t(EXPERIMENTAL)\r\n\t-s, --silent do not show any output\r\n\t-v, --version show version information\r\n\r\nExamples:\r\n\tyasca c:\\source_code\r\n\tyasca \/opt\/dev\/source_code\r\n\tyasca -o c:\\output.csv --report CSVReport \"c:\\foo bar\\quux\"\r\n<\/pre>\n<p>You can download Yasca here:<\/p>\n<p><a href=\"http:\/\/sourceforge.net\/projects\/yasca\/files\/Yasca%202.x\/Yasca%202.1\/yasca-2.1.zip\/download\">yasca-2.1.zip<\/a><\/p>\n<p>Or read more <a href=\"http:\/\/www.scovetta.com\/yasca.html\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It&#8217;s basically a tool-kit for multi-language static analysis. Yasca can scan source code written in Java, C\/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages It leverages on external open source [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"Yasca is basically a tool-kit for multi-language static analysis, it's intended to look for security vulnerabilities, code-quality & performance issues.","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[29,11],"tags":[4336,4334,2948,915,4338],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3886"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=3886"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/3886\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=3886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=3886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=3886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}