This is "BogoSec", developed by Dustin Kirkland, Agoston Petz, and Loulwa Salem of the IBM Linux Technology Center Security Team.
It's a Perl-based tool that invokes source code scanners on target code, analyzes the output, and calculates a quality metric value indicating the security level of the code.

INSTALLATION:
=============

- Install scanners
    The following scanners are supported by BogoSec:
        FlawFinder : http://www.dwheeler.com/flawfinder
        RATS       : http://www.securesoftware.com/resources/tools.html
    The following scanner is no longer supported:
        ITS4       : http://www.cigital.com/its4
    Install at least one of the scanners supported by BogoSec.

- Download http://sourceforge.net/projects/bogosec/ and uncompress the tarball
        tar xvzf bogosec*.tar.gz
        cd bogosec*
    or
        gunzip bogosec*.tar.gz
        tar xvf bogosec*.tar
        cd bogosec*

- Install BogoSec using "make install"
    This will place the tool executables in /usr/bin.
    The scanner plugins will be placed in /usr/lib/bogosec/plugins.

RUN BogoSec:
============

- Supported target_code formats:
    Single source files (*.c, *.cpp, *.c++)
    Entire source tree
    Archives (*.tar.gz, *.tgz)
    Source RPM (*.src.rpm)

- Invoke BogoSec:
        bogosec <options> target_code
    or
        bogosec_wrapper target_directory
    Refer to the man pages for more information about available options.
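The README describes BogoSec as a pipeline: run the installed scanners over the target, parse what they report, and reduce the findings to one metric. The following is an added example written for this page, not BogoSec's own Perl code, showing that pipeline in miniature in Python. The two report texts are constructed samples in the shape of FlawFinder's and RATS's default text output, the merge policy (one scanner hit per file:line, heaviest wins) and the scoring formula are assumptions chosen for illustration, and available_scanners() only checks PATH for the two scanners the README names.

```python
# Added example, not BogoSec's code: a toy scanner-report analyzer.
import re
import shutil
from typing import NamedTuple

# Constructed sample in the shape of FlawFinder's default two-line hits.
FLAWFINDER_OUTPUT = """\
demo.c:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
demo.c:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted (CWE-119!/CWE-120).
demo.c:31:  [1] (buffer) strncpy:
  Easily used incorrectly; does not always terminate the destination (CWE-120).
"""

# Constructed sample in the shape of RATS's default two-line hits.
RATS_OUTPUT = """\
demo.c:12: High: strcpy
Check to be sure that argument 2 passed to this function call will not copy more data than can be handled.
demo.c:25: Medium: getenv
Environment variables are highly untrustable input.
"""


class Hit(NamedTuple):
    file: str
    line: int
    weight: int      # 1 (low) .. 4 (high), normalised across scanners
    func: str
    scanner: str


# FlawFinder: "file:line:  [level] (category) function:" then an indented message line.
FLAWFINDER_HIT = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):\s+\[(?P<level>[0-5])\]\s+\((?P<cat>\w+)\)\s+(?P<func>\S+):")
# RATS: "file:line: Severity: function" then a message line.
RATS_HIT = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):\s+(?P<sev>High|Medium|Low):\s+(?P<func>\S+)")
RATS_WEIGHT = {"High": 4, "Medium": 2, "Low": 1}


def parse_flawfinder(report: str) -> list[Hit]:
    hits = []
    for text_line in report.splitlines():
        m = FLAWFINDER_HIT.match(text_line)
        if m:
            # FlawFinder levels run 0..5; clamp into the 1..4 scale used here (assumption).
            weight = min(4, max(1, int(m["level"])))
            hits.append(Hit(m["file"], int(m["line"]), weight, m["func"], "flawfinder"))
    return hits


def parse_rats(report: str) -> list[Hit]:
    hits = []
    for text_line in report.splitlines():
        m = RATS_HIT.match(text_line)
        if m:
            hits.append(Hit(m["file"], int(m["line"]), RATS_WEIGHT[m["sev"]], m["func"], "rats"))
    return hits


def merge_hits(*hit_lists: list[Hit]) -> list[Hit]:
    """Collapse findings several scanners report for the same file:line, keeping the
    heaviest (assumed policy: overlapping scanners must not double-count one call site)."""
    best: dict[tuple[str, int], Hit] = {}
    for hits in hit_lists:
        for h in hits:
            key = (h.file, h.line)
            if key not in best or h.weight > best[key].weight:
                best[key] = h
    return sorted(best.values(), key=lambda h: (h.file, h.line))


def security_score(hits: list[Hit], lines_of_code: int) -> float:
    """Assumed metric (not BogoSec's): 10 is clean; subtract one point per
    10 weighted hits per thousand lines of code, floored at 0."""
    if lines_of_code <= 0:
        raise ValueError("lines_of_code must be positive")
    weighted = sum(h.weight for h in hits)
    per_kloc = weighted * 1000 / lines_of_code
    return round(max(0.0, 10.0 - per_kloc / 10), 2)


def available_scanners() -> list[str]:
    """Supported scanners found on PATH; the README requires at least one."""
    return [name for name in ("flawfinder", "rats") if shutil.which(name)]


if __name__ == "__main__":
    print("scanners on PATH:", available_scanners() or "none")
    merged = merge_hits(parse_flawfinder(FLAWFINDER_OUTPUT), parse_rats(RATS_OUTPUT))
    for h in merged:
        print(f"{h.file}:{h.line} weight={h.weight} {h.func} ({h.scanner})")
    print("score for a 1000-line target:", security_score(merged, lines_of_code=1000))
```

Both parsers key on the first line of each hit and ignore the message line, which is why one regex per scanner is enough; normalising to a shared weight scale before merging is what lets findings from different tools be compared at all.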
REMOVAL:
========
- If needed, uninstall the tool using "make uninstall"