Dashboard
- Add loading spinner
- Improve error handling
- Improve settings
- Add light theme
- Update resources
- Add multi support
Scanner
- Support any programming language
- Integrate with IDEs
- Integrate with Jenkins
- Integrate with GitHub
Installation
- Run in Docker
Tool selection criteria
- Requirement: it must support your programming language, though this is not usually a deciding factor once it does.
- Which types of vulnerability can it detect (the OWASP Top Ten? more?)
- How accurate is it? What are its false positive and false negative rates?
- Does the tool have an OWASP Benchmark score?
- Does it understand the libraries and frameworks you use?
- Does it require a fully buildable set of source?
- Can it run against binaries instead of source?
- Can it be integrated into the developer's IDE?
- How hard is it to set up and use?
- Can it be run continuously and automatically?
- License cost for the tool. (Some are sold per user, per org, per app, or per line of code analyzed. Consulting licenses are frequently different from end user licenses.)
Reference: https://owasp.org/www-community/Source_Code_Analysis_Tools