July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
IDE plugins to automate the code review
The key advantages of using the IDE plugins to perform the automated security code review is that the tools can provide informative suggestions for fixes during the coding stage. It works in a similar way to a spellchecker. This will reduce lots of code review efforts and security defects that can't be detected by blackbox testing. The disadvantage is that this kind of static code scanning may introduce some annoying false positives, and the developer team may ignore or forget to use the IDE plugins to do static secure code analysis.
The following table shows some of the open source IDE plugins that can help developers to detect security and coding errors. Only open source tools are listed here, although ...