
Software security – Lab 5

Open IntelliJ Idea.

File -> Settings -> Plugins -> search for ‘SpotBugs’

Select ‘SpotBugs’ plugin and install it.

Static Code analysis demo

Open the dbsample project in IntelliJ and select it. Build the project using Rebuild all.

Analyze for bugs (Analyze -> SpotBugs -> Analyze project files including test files). Export the report to an
HTML file using the arrow sign in the SpotBugs output window. Fix the SQL injection vulnerability and
export the report again.

Hint: there is a button called ‘export results’ in the SpotBugs output window.

Dependency vulnerability check

Use the OWASP Dependency-Check command line tool to check the dependency vulnerabilities of a set
of libraries that you may have (you can download a GitLab project for this purpose or use the same
dbsample project). You may use the following reference to do this.

https://owasp.org/www-project-dependency-check/

Hint:

bash <<owasp dependency check directory>>/bin/dependency-check.sh -s <<path of the directory to scan>>

Submission:

Archive the two HTML reports from the IntelliJ plugin and the dependency vulnerability report into a
single zip file and upload it to the courseweb link. The zip file name should be your registration
number.
