[erlang-questions] Security scanning tools for Erlang?

Garry Hodgson garry@REDACTED
Fri Oct 28 16:30:40 CEST 2016


On 10/26/2016 01:23 PM, Garry Hodgson wrote:
> We are using Erlang for some specialized components in a much larger 
> system. That system now requires that all code must be scanned using 
> an automated tool (e.g. HP's Fortify) that looks for security issues. 
> Fortify does not handle Erlang, and has no plans to do so. Does anyone 
> know of any commercial or Open Source security scanning tools for 
> Erlang code?
>
> http://www8.hp.com/us/en/software-solutions/static-code-analysis-sast/index.html 
>
> Thanks

Many thanks to all for your insights. Looks like nothing off the rack,
but some avenues to explore. I like the idea of leveraging Elvis,
which we already use. Going to look into that some more.

Thanks


-- 
Garry Hodgson
Lead Member of Technical Staff
AT&T Chief Security Office (CSO)
