Lime Bar on Nostr: Naive questions about #foss and #floss
Naive questions about #foss and #floss
When I worked in corporate software we used tools to scan our software (static source and runtime behavior analysis) for things like OWASP Top 10 violations on web apps, web APIs, mobile apps, and desktop apps. And CVE scanning for dependencies, although that was less automated.
1 - who does this for open software?
2 - do open tools exist to automate this? Ours were expensive corpware.
Not talking about lint, but like Fortify (which recently enshitified)
Published at 2024-08-28 15:54:53
Event JSON
{
"id": "95bba6802e5ea03fd72f6665d392ebdc7ac5c430ab75052b0aca74170bcad7e7",
"pubkey": "5fecc5d8fc290694d774107702b5346011e94b782872340de3312c43c2ccd867",
"created_at": 1724860493,
"kind": 1,
"tags": [
[
"t",
"foss"
],
[
"t",
"floss"
],
[
"proxy",
"https://mastodon.social/users/limebar/statuses/113040457311689058",
"activitypub"
]
],
"content": "Naive questions about #foss and #floss \n\nWhen I worked in corporate software we used tools to scan our software (static source and runtime behavior analysis) for things like OWASP top 10 violations on web apps, web apis, mobile apps, and desktop apps. And CVE scanning for dependencies, although that was less automated\n\n1 - who does this for open software \n2 - do open tools exist to automate this, ours were expensive corpware\n\nNot talking about lint, but like Fortify (which recently enshitified)",
"sig": "dd03a3b62cfa9d097c74828f8980a21edbc1fe6b8c642ef8b81c38c5107bbbe40cf284decf3fd24eb996bfde0b216b9c7924c593f078d3a7ff8436d171d2e9a7"
}
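Added example, not part of the original post or of the site that rendered it: the event JSON above carries an `id`, a `pubkey` and a `sig`, and a relay or client that takes the event seriously checks two things before trusting it. First, per NIP-01, `id` must equal the SHA-256 of the JSON serialization of `[0, pubkey, created_at, kind, tags, content]` with no whitespace; second, `sig` must be a valid BIP-340 Schnorr signature over that 32-byte id under the 32-byte x-only `pubkey`. The script below does both in pure standard-library Python against the event exactly as displayed (field values copied from the JSON above), writing out the secp256k1 arithmetic so there is no external dependency, and then checks a tampered copy to show that a one-character edit to `content` breaks the id and therefore the signature. It assumes Python's `json.dumps(..., separators=(",", ":"), ensure_ascii=False)` produces the NIP-01 escaping, which holds for this content (only `\n` needs escaping).

```python
"""Verify a Nostr (NIP-01) event: id recomputation and BIP-340 Schnorr signature check."""
import hashlib
import json

# The event as displayed on this page (values copied from the Event JSON above).
EVENT = {
    "id": "95bba6802e5ea03fd72f6665d392ebdc7ac5c430ab75052b0aca74170bcad7e7",
    "pubkey": "5fecc5d8fc290694d774107702b5346011e94b782872340de3312c43c2ccd867",
    "created_at": 1724860493,
    "kind": 1,
    "tags": [
        ["t", "foss"],
        ["t", "floss"],
        ["proxy", "https://mastodon.social/users/limebar/statuses/113040457311689058", "activitypub"],
    ],
    "content": "Naive questions about #foss and #floss \n\nWhen I worked in corporate software we used tools to scan our software (static source and runtime behavior analysis) for things like OWASP top 10 violations on web apps, web apis, mobile apps, and desktop apps. And CVE scanning for dependencies, although that was less automated\n\n1 - who does this for open software \n2 - do open tools exist to automate this, ours were expensive corpware\n\nNot talking about lint, but like Fortify (which recently enshitified)",
    "sig": "dd03a3b62cfa9d097c74828f8980a21edbc1fe6b8c642ef8b81c38c5107bbbe40cf284decf3fd24eb996bfde0b216b9c7924c593f078d3a7ff8436d171d2e9a7",
}


def event_id(ev):
    """NIP-01 id: sha256 over the compact, UTF-8 JSON array [0, pubkey, created_at, kind, tags, content]."""
    ser = json.dumps(
        [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
        separators=(",", ":"), ensure_ascii=False,
    )
    return hashlib.sha256(ser.encode("utf-8")).hexdigest()


# secp256k1 curve parameters (field prime, group order, generator), affine coordinates.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Add two affine points; None is the point at infinity. Not constant-time (demo only)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and y1 != y2:
        return None  # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(pt, k):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """BIP-340 lift_x: the curve point with this x coordinate and even y, or None if x is not on the curve."""
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if pow(y, 2, P) != y_sq:
        return None
    return (x, y if y % 2 == 0 else P - y)


def tagged_hash(tag, msg):
    """BIP-340 tagged hash: sha256(sha256(tag) || sha256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()


def schnorr_verify(pubkey_hex, msg32, sig_hex):
    """BIP-340 verification of a 64-byte signature over a 32-byte message under an x-only public key."""
    pk, sig = bytes.fromhex(pubkey_hex), bytes.fromhex(sig_hex)
    if len(pk) != 32 or len(sig) != 64 or len(msg32) != 32:
        return False
    pub = lift_x(int.from_bytes(pk, "big"))
    r = int.from_bytes(sig[:32], "big")
    s = int.from_bytes(sig[32:], "big")
    if pub is None or r >= P or s >= N:
        return False
    e = int.from_bytes(tagged_hash("BIP0340/challenge", sig[:32] + pk + msg32), "big") % N
    R = point_add(point_mul(G, s), point_mul(pub, N - e))  # R = s*G - e*P
    return R is not None and R[1] % 2 == 0 and R[0] == r


def verify_event(ev):
    """Return (id_ok, sig_ok): the id matches the serialization, and sig is valid over that id."""
    id_ok = event_id(ev) == ev["id"]
    sig_ok = id_ok and schnorr_verify(ev["pubkey"], bytes.fromhex(ev["id"]), ev["sig"])
    return id_ok, sig_ok


if __name__ == "__main__":
    print("original:", verify_event(EVENT))
    # Constructed tampered copy: one appended character changes the id, so the signature no longer binds it.
    print("tampered:", verify_event(dict(EVENT, content=EVENT["content"] + "!")))
```

The point-by-hand arithmetic is there so the check is self-contained and readable; it is variable-time and has no side-channel hardening, so a real client should call a vetted secp256k1 implementation instead. The useful property to notice is that `sig` is only ever computed over `id`, so any edit to the displayed text that is not mirrored in the signed `content` (including the punctuation fixes made to the rendered post above) shows up as an id mismatch before the signature is even examined.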