
Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe

Technical Report
This report summarizes progress and plans for developing a system to perform automated classification and advanced prioritization of static analysis alerts.
Publisher: Software Engineering Institute

CMU/SEI Report Number: CMU/SEI-2019-TR-007

DOI (Digital Object Identifier): 10.1184/R1/12363575.v1

Abstract

This report summarizes technical progress and plans as of late September 2018 for developing a system to perform automated classification and advanced prioritization of static analysis alerts. Many features and fields have been added to the Source Code Analysis Laboratory (SCALe) static analysis alert auditing tool to support this functionality. This report describes the new features and fields, and how to use them. It also describes the plan to connect this enhanced version of SCALe to an architecture that will provide classification and prioritization via API calls, and provides the API definition that has been developed. A prototype that instantiates the architecture is being developed; future work will complete the prototype and integrate the latest version of SCALe with it.

Cite This Technical Report

Flynn, L., McNeil, E., Svoboda, D., Leung, D., Kurtz, Z., & Lee, J. (2019, May 13). Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe. (Technical Report CMU/SEI-2019-TR-007). Retrieved May 19, 2024, from https://doi.org/10.1184/R1/12363575.v1.

@techreport{flynn_2019,
author={Flynn, Lori and McNeil, Ebonie and Svoboda, David and Leung, Derek and Kurtz, Zachary and Lee, Jiyeon},
title={Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe},
month={May},
year={2019},
number={CMU/SEI-2019-TR-007},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/12363575.v1},
note={Accessed: 2024-May-19}
}

Flynn, Lori, Ebonie McNeil, David Svoboda, Derek Leung, Zachary Kurtz, and Jiyeon Lee. "Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe." (CMU/SEI-2019-TR-007). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, May 13, 2019. https://doi.org/10.1184/R1/12363575.v1.

L. Flynn, E. McNeil, D. Svoboda, D. Leung, Z. Kurtz, and J. Lee, "Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2019-TR-007, 13-May-2019 [Online]. Available: https://doi.org/10.1184/R1/12363575.v1. [Accessed: 19-May-2024].

Flynn, Lori, Ebonie McNeil, David Svoboda, Derek Leung, Zachary Kurtz, and Jiyeon Lee. "Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe." (Technical Report CMU/SEI-2019-TR-007). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 13 May. 2019. https://doi.org/10.1184/R1/12363575.v1. Accessed 19 May. 2024.

Flynn, Lori; McNeil, Ebonie; Svoboda, David; Leung, Derek; Kurtz, Zachary; & Lee, Jiyeon. Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe. CMU/SEI-2019-TR-007. Software Engineering Institute. 2019. https://doi.org/10.1184/R1/12363575.v1