SWAMP Supports CodeSonar and Web Scripting Languages!

Today, the SWAMP released several new and exciting updates which are now available on mir-swamp.org! New

  • GrammaTech’s CodeSonar static analysis tool has been added to assess C/C++ packages. Users must request access, agree to the EULA, and receive permission before using this tool in the SWAMP.
  • We added support for 5 new programming languages: CSS, HTML, JavaScript, PHP, and XML.
  • We added 9 new assessment tools for web scripting languages:
    • CSS Lint (for CSS)
    • ESLint (for JavaScript)
    • Flow (for JavaScript)
    • HTML Tidy (for HTML and XML)
    • JSHint (for JavaScript or HTML files with inline JavaScript)
    • PHPMD (for PHP)
    • PHP_CodeSniffer (for PHP, JavaScript, and CSS)
    • Retire.js (for JavaScript)
    • XML Lint (for XML)
  • We added several new sample curated packages for the web scripting languages on the Resources tab under Packages.
  • We added new versions and/or updates for the following assessment tools: Bandit, Flake8, Pylint, checkstyle, OWASP Dependency Check, error-prone, FindBugs, PMD.
  • When adding a new package or adding a new version to an existing package, users have the option to select an archive file from the Local File System or enter an external URL and a checkout argument (branch, tag, or commit) for a Remote Git Repository.
  • Improved error reporting for assessment failures. Assessments that complete with a status of “finished with errors – retry” can be re-run and should complete successfully.
  • Updated the “Status.out and Debugging SWAMP Failures” document on the Help page to assist with debugging failed assessments. Failed assessments now show the contents of the status.out file at the top of the Failed Assessment Report (by clicking the “! Error” button in the Results column).
  • Added a Compatibility tab to the Package Version view to show platform compatibility information for curated packages.
  • The names of the statuses shown on the Results page have been updated to better indicate what is happening as assessment jobs are processed.

Let us know if you have any questions at support@continuousassurance.org.


Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.