Static Analysis Classification and Prioritization
Blog Posts
Release of SCAIFE System Version 2.0.0 Provides Support for Continuous-Integration (CI) Systems
Key features in new release of SCAIFE System Version 2.0.0 including support for continuous-integration (CI) systems, and status of evolving SEI SCAIFE work
• By Lori Flynn
In Secure Development
Benefits and Challenges of SOAR Platforms
Explore Security Orchestration, Automation, and Response (SOAR) platforms for improved incident response in this SEI Blog post.
• By Angela Horneman, Justin Ray
Release of SCAIFE System Version 1.0.0 Provides Full GUI-Based Static-Analysis Adjudication System with Meta-Alert Classification
The SEI Source Code Analysis Integrated Framework Environment (SCAIFE) is a modular architecture designed to enable a wide variety of tools, systems, and users to use artificial intelligence (AI) classifiers …
• By Lori Flynn
A Public Repository of Data for Static-Analysis Classification Research
This blog post describes a new repository of labeled data that CERT is making publicly available for many code-flaw conditions. Researchers can use this dataset along with the associated code …
• By Lori Flynn
In Secure Development
Managing Static Analysis Alerts with Efficient Instantiation of the SCAIFE API into Code and an Automatically Classifying System
Learn how the SEI's SCAIFE API helps classify and prioritize static analysis alerts, reduce manual effort, and improve accuracy in identifying code flaws.
• By Lori Flynn
Data-Driven Management of Technical Debt
Learn about the SEI's work on technical debt analysis techniques and practices to help software engineers manage its impact on projects in this SEI Blog post.
• By Ipek Ozkaya, Robert Nord
In Technical Debt
An Application Programming Interface for Classifying and Prioritizing Static Analysis Alerts
In this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts.
• By Lori Flynn, Ebonie McNeil
In Secure Development
SCALe v. 3: Automated Classification and Advanced Prioritization of Static Analysis Alerts
Static analysis tools analyze code without executing it, to identify potential flaws in source code. These tools produce a large number of alerts with high false-positive rates that an engineer …
• By Lori Flynn, Ebonie McNeil
In Secure Development
SCALe: A Tool for Managing Output from Static Analysis Tools
Experience shows that most software contains code flaws that can lead to vulnerabilities. Static analysis tools used to identify potential vulnerabilities in source code produce....
• By Lori Flynn
In Secure Development
Test Suites as a Source of Training Data for Static Analysis Alert Classifiers
Numerous tools exists to help detect flaws in code. Some of these are called flaw-finding static analysis (FFSA) tools because they identify flaws by analyzing code without running it....
• By Lori Flynn, Zachary Kurtz
In Secure Development
