Collection of Static Analysis Assets
• Collection
Publisher
Software Engineering Institute
Abstract
Static analysis (SA) tools analyze source code for security defects and alert users to issues that require repair. While invaluable, SA tools tend to produce a large number of alerts (many of which are false positives), making it difficult to identify valid alerts and, in turn, to address critical security defects. SEI researchers are actively publishing research and building prototype tools to improve static analysis alerts.
Collection Items

Redemption Tool Demo: View Difference Between Original Code and Repaired Code (Manual Review)
• Video
By Lori Flynn, David Svoboda, Rebecca Beliak
This video shows a manual review of the code repairs done by Redemption in a terminal.
Redemption Tool Demo Video: Separate Environments for Code Compilation and Code Repair
• Video
By Lori Flynn, David Svoboda, Rebecca Beliak
This video shows the manual review of the code repairs done by Redemption in a terminal.
Redemption: A Prototype for Automated Repair of Static Analysis Alerts
• Blog Post
By David Svoboda
Heuristic static analysis (SA) tools are a critical component of software development. These tools use pattern matching and other heuristic techniques to analyze a program’s source code and alert users …
Automated Repair of Static Analysis Alerts
• Podcast
By David Svoboda
David Svoboda discusses Redemption, a new open source tool that automatically repairs common errors in C/C++ code generated from static analysis alerts.
Release of SCAIFE System Version 2.0.0 Provides Support for Continuous-Integration (CI) Systems
• Blog Post
By Lori Flynn
The Source Code Analysis Integrated Framework Environment (SCAIFE) system is a research prototype for a modular architecture. The architecture is designed to enable a wide variety of tools, systems, and …
SCAIFE and ACR: Static Analysis Classification and Automated Code Repair
• Presentation
By Lori Flynn, William Klieber
Flynn and Klieber describe their research and concept for a combined system for static analysis classification and automated code repair.
Rapid Adjudication of Static Analysis Alerts During Continuous Integration
• Video
By Lori Flynn, Robert Nord, Hasan Yasar
Progress in research toward the rapid adjudication of static analysis alerts during continuous integration.
Advancing Cyber Operator Tradecraft Through Automated Static Binary Analysis
• Video
By Cory Cohen, Edward J. Schwartz, Jeff Gennari
This presentation discusses three SEI research and development projects that help malware and vulnerability analysts.
SCAIFE: An Alert Auditing Classification Prototype
• Video
By Ebonie McNeil
In this SEI Cyber Minute, Ebonie McNeil explains how the Source Code Analysis Integrated Framework Environment (SCAIFE) prototype is intended to be used by developers and analysts who manually …