Code Scan Tool - Forum - Progress User Groups - Progress Community

This question is answered

Is anyone aware of a tool that can scan Progress code for vulnerabilities? For example, the tool "Veracode" can scan code at the binary level for error messages that might give hackers clues about how to access a system, such as "Your user name is XYZ", etc. Is there any product that scans Progress code like this?

Thanks

Verified Answer
  • I may be wrong, but I don't think there are any off-the-shelf tools to do security scans of OpenEdge code. The OpenEdge plugin for SonarQube does static code analysis for OpenEdge procedures / classes, but there are no rules scanning for vulnerabilities. It may however be extended for this purpose.

    Disclaimer: I'm the author of the OpenEdge plugin for SQ
