Test and Verification -> Static depth for applications: Local development security checks performed
Risk and Opportunity
Risk: Code written during development contains code smells and quality issues that are not caught before commit.
Opportunity: Integration of quality, linting and static analysis plugins into integrated development environments (IDEs), so that issues are flagged while the code is being written.
Additional Information
Implementation hints
- Fortify Extension for Visual Studio Code, Link, Tags: ide sast
- Setting Up the Visual Studio Code Extension Plugin, Link, Tags: ide sast
- HCL AppScan CodeSweep, Link, Tags: ide sast
Usefulness and Requirements of this Activity
Usefulness: High
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low
OWASP SAMM VERSION 2
ISO27001 2017
- Hardening is not explicitly covered by ISO 27001 (too specific)
- 13.1.3