@ovid and other Perl mongers. What, if anything, do you use for code security?

I know that using taint gets you far, but SAST is mostly what I’m thinking (especially for legacy code without taint). Any tips?

Does Perl::Critic do a decent job, and is there a list of what its security policy and 3rd party plug-ins cover?

Other OS SAST I found are: https://github.com/htrgouvea/zarn and this grep-based one: https://github.com/wireghoul/graudit

Are they OK?

#SAST #Perl #AppSec #CodeSecurity #PerlCritic

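As an added illustration (not code from either post) of why taint mode "gets you far" and what a SAST rule has to find in legacy code that runs without it: the script below shows the string-form `system` call that taint mode refuses, and the allow-list regex idiom that is the only sanctioned way to untaint. The untrusted input is constructed; run it as `perl -T taint_demo.pl` (optionally with a filename argument).

```perl
#!/usr/bin/perl -T
# Added example: taint-mode enforcement versus the legacy shell-call pattern.
# Must be started with -T on the command line ("Too late for -T" otherwise).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for a CGI parameter or argv value. A literal is never
# tainted, so we taint it by concatenating the empty tail of %ENV (tainted).
my $untrusted = @ARGV ? shift @ARGV
                      : "report.txt; rm -rf /" . substr($ENV{PATH} // '', 0, 0);

# Under -T, system() also refuses to run with an untrusted environment.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/usr/bin:/bin';

# 1. Legacy pattern: input interpolated into a shell string. Without -T this
#    is a silent command injection; with -T perl dies before the shell sees it.
my $ran = eval { system("ls -l $untrusted"); 1 };
print "taint mode blocked the shell call: $@" unless $ran;

# 2. Correct untainting: only the part matching an explicit allow-list is
#    extracted. The capture group is untainted; the original stays tainted.
sub untaint_filename {
    my ($s) = @_;
    # word chars, dot, dash only: no '/', no whitespace, no shell metacharacters
    return $s =~ /\A([\w.-]{1,64})\z/ ? $1 : undef;
}

my $safe = untaint_filename($untrusted);
if (defined $safe) {
    printf "tainted? before=%d after=%d\n",
        tainted($untrusted) ? 1 : 0, tainted($safe) ? 1 : 0;
    system('ls', '-l', $safe);    # list form: no shell is ever involved
} else {
    print "rejected input that failed the allow-list\n";
}
```

A grep-style SAST such as graudit can flag the interpolated `system("... $x")` sink, but not whether `$x` was untainted upstream; that data-flow question is what taint mode answers at run time.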
@aegilops @ovid
bdf's CPANSA and CPAN::Audit monitor published CVEs for your modules in use. Note that one has to refresh the DB before running, it doesn't automagically refresh the DB (that's a feature).