Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe

journal contribution
Posted on 15.09.2020 by Lori Flynn, Ebonie McNeil, David Svoboda, Derek Leung, Zachary Kurtz, Jiyeon Lee
This report summarizes technical progress and plans as of late September 2018 for developing a system to perform automated classification and advanced prioritization of static analysis alerts. Many features and fields have been added to the Source Code Analysis Laboratory (SCALe) static analysis alert auditing tool to support this functionality. This report describes the new features and fields, and how to use them. It also describes the plan to connect this enhanced version of SCALe to an architecture that will provide classification and prioritization via API calls, and provides the API definition that has been developed. A prototype that instantiates the architecture is being developed; future work will complete the prototype and integrate the latest version of SCALe with it.

History

Publisher Statement

Copyright 2019 Carnegie Mellon University. All Rights Reserved.

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be construed as an official Government position, policy, or decision, unless designated by other documentation. References herein to any specific commercial product, process, or service by trade name, trade mark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.

This report was prepared for the SEI Administrative Agent, AFLCMC/AZS, 5 Eglin Street, Hanscom AFB, MA 01731-2100.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Date

12/05/2019