There's an initiative in our company to mandate use of a tool to provide an analysis of potential security faults as code is being developed and/or checked in.
For .NET, Java and PHP, they have chosen a tool called SecureAssist: https://codiscope.com/products/secureassist/
Is there anything similar that supports Progress?
Thanks
For web applications, you can use OWASP ZAP, which is a pen testing tool for web applications. It is agnostic to the technology, as it provides a spider/dynamic scan through HTTP.
www.owasp.org/.../OWASP_Zed_Attack_Proxy_Project
This does not perform static code analysis which can reveal other types of flaws.
I assume your company already evaluated SonarQube (http://www.sonarqube.org), which provides checks for Java and PHP (not sure about .NET), with excellent integration with code repositories and continuous integration tools.
An OpenEdge plugin for SonarQube is available (github.com/.../sonar-openedge), which would allow you to execute coding standards and defect rules (unfortunately no security rules for now), and also to write your own rules if you have specific needs.
Gilles