The Software Assurance Marketplace is being enhanced to meet the needs of the user community. We continue to provide user support, software updates, bug fixes, and system performance improvements. At the request of the Department of Homeland Security, we can extend this phase of operation for additional years.
Planned Development for 2018
- Plug-ins for Eclipse IDE and Jenkins – Available Now!
- Addition of Synopsys Static Analysis (Coverity) – Available Now!
- Addition of Parasoft’s C/C++test and Jtest to SWAMP-in-a-Box – Available Now!
- Addition of Sonatype’s Application Health Check analysis tool
- Addition of PRQA’s analysis tool
- Plug-ins for IDEs: BlueJ or IntelliJ
- Support for .NET in Linux
- Ability to share SWAMP results publicly
- Ability to import external results into SWAMP
- Support for Windows
- Addition of dynamic analysis capabilities
Integration of Static Tool Analysis Modernization Project (STAMP) Deliverables
Deliverables from the STAMP project are scheduled for integration with SWAMP starting in 2018. In collaboration with other performers in the DHS S&T CSD technical program, the SWAMP may also be leveraged to support the testing and evaluation of their technologies.
- Broad Agency Announcement HSHQDC-16-R-B0002
- Goal is to modernize a list of candidate software analysis tools to improve tool performance and coverage, to seamlessly integrate and support continuous integration and DevOps operational environments, and provide stronger analysis results by reducing false-positives, and provide visibility into false-negatives that often leave residual risks.
- TTA #1 – Test Case Generator
- TTA #3 – Tool Modernization
- TTA #4 – Operational Pilot Implementing Tool Scoring and Labeling