Yasca

Yasca
	"Yet Another Source Code Analyzer"
Developer(s)	Michael Scovetta
Stable release	2.2 / June 4, 2010; 14 years ago
Written in	PHP, Java
Operating system	Cross-platform
Size	12MB-155MB
Available in	English
Type	Software Quality, Software Security
License	BSD License, GPL License, GNU Lesser General Public License, Others
Website	yasca.org,; sourceforge.net/projects/yasca/

Yasca is an open source program which looks for security vulnerabilities, code-quality, performance, and conformance to best practices in program source code. It leverages external open source programs, such as FindBugs, PMD, JLint, JavaScript Lint, PHPLint, Cppcheck, ClamAV, Pixy, and RATS to scan specific file types,^[1] and also contains many custom scanners developed for Yasca. It is a command-line tool that generates reports in HTML, CSV, XML, MySQL, SQLite, and other formats. It is listed as an inactive project at the well-known OWASP security project,^[2] and also in a government software security tools review at the U.S Department of Homeland Security web site.^[3]

^ Clarke, Justin (2009). SQL Injection Attacks and Defense. Syngress. p. 125. ISBN 978-1-59749-424-3.
^ "Category:OWASP Yasca Project". OWASP. Retrieved 14 September 2010.
^ "Software Security Assessment Tools Review" (PDF). Homeland Security. Retrieved 14 September 2010.

[1] Clarke, Justin (2009). SQL Injection Attacks and Defense. Syngress. p. 125. ISBN 978-1-59749-424-3.

[2] "Category:OWASP Yasca Project". OWASP. Retrieved 14 September 2010.

[3] "Software Security Assessment Tools Review" (PDF). Homeland Security. Retrieved 14 September 2010.

[1]

[2]

[3]