Skip to content
/ SCALe Public
forked from cmu-sei/SCALe

SCALe (Source Code Analysis Lab) is a static analysis aggregator/correlator which enables a source code analyst to combine static analysis results from multiple tools into one interface, and also provides mappings for diagnostics from the tools to the SEI CERT Secure Coding standards.

Notifications You must be signed in to change notification settings

suha1233/SCALe

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Source Code Analysis Lab (SCALe)


Copyright (c) 2007-2018 Carnegie Mellon University. All Rights Reserved. See the ./COPYRIGHT file for details.

Installation Instructions (VM)

If the SCALe web app is provided via a virtual machine (VM), then the SCALe app will be configured to run automatically when the machine boots.

Installation Instructions (Zip)

If the SCALe web app is provided via a zip archive, it is referred to as <scale_webapp_archive>.zip below. This archive should be extracted on your web app server in a location of your choosing.

We will refer to this location as SCALE_HOME. You may find it useful to define this environment variable in your system to point to the root of your SCALe installation.

If the zip is downloaded from Github, the scale.app folder will be inside another folder like "SCALe-Master". In this case, SCALe-Master would be the location of SCALE_HOME.

Extracting the archive might look something like this:

export SCALE_HOME="/location/of/SCALe/install"
mkdir -p $SCALE_HOME
cd $SCALE_HOME
unzip /location/of/<scale_webapp_archive>.zip

Use the instructions for installing and managing SCALe by opening the following file in a web browser:

$SCALE_HOME/scale.app/public/doc/index.html

If you are running the offline version, the SEI CERT Coding rules and the Common Weakness Enumeration (CWEs) that accompany the distribution may not be up-to-date. The current version of the SEI CERT Coding rules are available online at: https://securecoding.cert.org The current version of the CWEs is available at: https://cwe.mitre.org/

Relevant Known Issues

  • During the quick start demonstration, the following superfluous error is generated in the web app console: ".../scale.app/archive/backup/6/analysis/...out: no such file or directory".

  • The digest_diagnostics script does not follow symlinks in source directories.

  • The pathnames in Rosecheckers output are incorrect when executed on a project that compiles files outside of the directories they live in. This affects the web app's ability to display the source code associated with a diagnostic.

  • Some of the links in the exported secure coding rule documentation point to online pages, and will fail on a machine with no Internet connection.

Support

Questions and comments can be sent to [email protected].

About

SCALe (Source Code Analysis Lab) is a static analysis aggregator/correlator which enables a source code analyst to combine static analysis results from multiple tools into one interface, and also provides mappings for diagnostics from the tools to the SEI CERT Secure Coding standards.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 31.7%
  • HTML 23.5%
  • Makefile 12.9%
  • Shell 9.7%
  • C++ 7.6%
  • Roff 4.9%
  • Other 9.7%