
Secure Coding Assistant

Eclipse Plugin for Secure Coding Practices


Secure Coding, Made Easy!

The Secure Coding Assistant by California State University Sacramento, commonly referred to as the “Secure Coding Assistant,” is a plugin for the Eclipse Development Environment that alerts developers when they are at risk of violating one of the secure coding rules for the Java programming language. The secure coding rules are defined by the CERT division of the Software Engineering Institute at Carnegie Mellon University. A complete list of the rules may be found here. Full credit for the rules used in the tool is given to CERT. This is an open source application created by Ben White, with plans for it to be maintained by graduate students. Future development work on this project will focus on expanding the rule set used for vulnerability detection and on additional features.

To install the Secure Coding Assistant in Eclipse, go to the Help menu and click on “Install New Software.” The update site is http://bwprojects.org/SecureCodingPlugin (do not click the link; it only works in Eclipse).

If you are planning on downloading the source code, you will want to use Eclipse IDE for Committers with the Plugin Development Environment (PDE) module loaded.

Version 2

The Version 2 development branch is now available, with work from Chen Li supporting “Design by Contract” and a quick-correction feature for detected rule violations.

Version 3

Version 3 (coming soon) enables both detection of secure coding rule violations and detection of program logic errors by using a combination of Design by Contract and Programming Logic.

Project Documentation

The following additional project documentation is available at this time

Contact Information

Ben White, ben_white@att.net

Chen Li, li3@csus.edu