Tips for Using the SWAMP
Make sure you are taking advantage of everything the SWAMP has to offer! The Software Assurance Marketplace (SWAMP) provides a large variety of static analysis tools and an integrated results viewer designed to highlight weaknesses and vulnerabilities in software. Help ensure that the code you write or the code you intend to use is secure by making full use of the SWAMP features below.
- Packages: The packages page allows you to upload files containing your code or link to a code repository to be assessed. The SWAMP will walk you through providing information to build the software. The SWAMP supports a variety of programming languages.
- Assessments: The assessments page is where you set up an assessment to evaluate your software. Choose a software package, one or more static analysis tools, and a platform. Assessments can be run on a scheduled basis to periodically check your code to make sure that it remains secure.
- Results: The results page allows you to view the results of an assessment run on a software package using one or more tools on a particular platform. By choosing the Code Dx results viewer, you can view the output from several assessments on the same software package and compare the results found by the different tools.
- Runs: The runs page shows all of your recurring or scheduled assessment runs. Make sure your software is continuously assured by maintaining scheduled runs.
- Projects: Projects allow you to collaborate with other SWAMP users. Create a new project and invite others to join. Share a package with a project so others can view the software and assessment results.