Home Best Practices Enhanced security for C++, Java, and Scala with Clang-Tidy and SpotBugs

Enhanced security for C++, Java, and Scala with Clang-Tidy and SpotBugs

Author

Date

Category

As part of our effort to continue expanding our language support, we are excited to announce the support of two new tools for all Codacy users: Clang-Tidy and SpotBugs.

Clang-Tidy

Clang-Tidy is a tool for C and C++. Its purpose is to diagnose typical programming errors, like style violations, interface misuse, or bugs that can be deduced via static code analysis. It checks for more than 300 common bug patterns including critical security and performance flaws.

You can get started by following our Clang-Tidy guide.

SpotBugs

SpotBugs (the successor of FindBugs) is a program which uses static code analysis to look for bugs in Java and Scala code. It checks for more than 400 bug patterns. We’ve also bundled Find Security Bugs: a SpotBugs plugin for security audits of Scala web applications. The issues reported cover the OWASP Top 10 and CWE standards.


Example of Potential Scala Slick Injection: WASC-19; CAPEC-66; CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’); OWASP: Top 10 2013-A1-Injection.

Last week we announced SpotBugs support to Codacy Self-hosted, which now is also available for all users. So if you use Java or Scala, you can already add the new security checks by following our SpotBugs guide.

What’s next?

Today, we are also announcing our plan to support even more tools – your tools.

We’re developing a new system called Client-side Tools that will let you standardize your code quality by reporting issues from your own linting tools and checkers to Codacy.

The Client-side Tools will allow running any tool either locally or as part of your CI pipeline and then integrate the results into your Codacy workflow. This way, Codacy will present the results coming from your tools alongside all the other code quality information in the dashboards. 

The Client-side Tools will not only support private tools but also other use cases that you might be encountering in your current Codacy usage:

  • Whether you are running a different version of a tool or plugin from the currently built-in tools on Codacy;
  • You are running a tool with a private plugin; 
  • Running a tool with custom rules; 
  • Running a tool with advanced inspection capabilities that must have access to the compilation result.

Starting today, Self-hosted, Cloud and Open-source users will have access to Clang-Tidy and SpotBugs, which are the first version of Client-side Tools. We’ll continue to work on opening the system so that we can support more tools in the future.

Let us know what you think, we look forward to listening to your thoughts.

If you use GitHub, Bitbucket, or GitLab, you can get started with Codacy in just a few seconds.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

Recent posts

Introducing Pulse to help companies achieve elite engineering performance

At Codacy, we envision a future where everyone can impact the world by crafting complex software with confidence and focus at the speed of...

First QA Engineer in a Startup

This is the story of how I joined a startup as the first QA Engineer in the company.  My name is Bruno Medley, I'm a...

Is your code secure with Codacy?

If you have been in the development business, you are well aware of the fact that data breaches are a part of the development...

8 Common Software Development Mistakes and How to Avoid Them

The world of software development is fast-paced and ever-changing. The queue of feature requests never seems to shrink. With the constant demand for improvements, adherence...

The Bundling and Unbundling of the DevOps market

The DevOps market continues to grow1: The global development and operations (DevOps) market size stood at USD 3,709.1 million in 2018 and is projected to...