Lime Bar on Nostr: Naive questions about #foss and #floss When I worked in corporate software we used ...
Naive questions about #foss and #floss
When I worked in corporate software we used tools to scan our software (static source and runtime behavior analysis) for things like OWASP top 10 violations on web apps, web apis, mobile apps, and desktop apps. And CVE scanning for dependencies, although that was less automated
1 - who does this for open software
2 - do open tools exist to automate this, ours were expensive corpware
Not talking about lint, but like Fortify (which recently enshitified)
When I worked in corporate software we used tools to scan our software (static source and runtime behavior analysis) for things like OWASP top 10 violations on web apps, web apis, mobile apps, and desktop apps. And CVE scanning for dependencies, although that was less automated
1 - who does this for open software
2 - do open tools exist to automate this, ours were expensive corpware
Not talking about lint, but like Fortify (which recently enshitified)