Published on March 23rd, 2015
Yasca – Multi-Language Static Analysis Toolset
Yasca is an open source program that looks for security vulnerabilities and checks code quality, performance, and conformance to best practices in program source code. It is essentially a toolkit for multi-language static analysis.
It leverages external open source programs, such as:
Yasca can be used to scan specific file types, and also contains many custom scanners developed just for it. It is a command-line tool that generates reports in HTML, CSV, XML, SQLite, and other formats. Yasca is easily extensible via a plugin-based architecture, so scanning any particular file is as simple as coming up with the rules or integrating external tools. Yasca also features a simple regular-expression plugin that allows new rules to be written in less than a minute.
Yasca is written in command-line PHP and released under the BSD license.
You can download Yasca here:
Or read more here.