This repository hosts plugins that integrate the CogniCrypt static analysis into your build environment.
Currently it contains the following plugins:
- Maven build plugin (`maven`): runs the CogniCrypt analysis in the `verify` phase and reports any crypto API misuses it finds. Reports can be written to the console or to a SARIF (Static Analysis Results Interchange Format) file.
- Jenkins Next Generation Warnings plugin (`jenkins-ng-warnings`): as a post-build action, takes a SARIF file as input and presents the findings.
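The SARIF report is also useful outside Jenkins, for example to gate a CI job on the analysis result. The script below is an added example and not code from this repository: it parses a constructed SARIF 2.1.0 document (the tool name, rule IDs, messages and file paths are made up for the example), flattens the results into findings, counts them per rule, and returns a non-zero exit status when any finding is at level `error`. Results without a location or without an explicit level are handled as the SARIF format allows rather than dropped.

```python
import json
import sys
from collections import Counter

# Constructed sample SARIF 2.1.0 document of the shape a static analyzer
# writes. The tool name, rule IDs, messages and file paths are made up for
# this example and are not actual CogniCrypt output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {
            "name": "ExampleCryptoAnalyzer",
            "rules": [
                {"id": "ConstraintError",
                 "shortDescription": {"text": "A CrySL constraint was violated."}},
                {"id": "TypestateError",
                 "shortDescription": {"text": "Call sequence not allowed by the CrySL rule."}},
            ],
        }},
        "results": [
            {"ruleId": "ConstraintError", "level": "error",
             "message": {"text": "Cipher.getInstance(\"DES/ECB/PKCS5Padding\") uses a forbidden algorithm."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/example/Crypto.java"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "ConstraintError", "level": "error",
             "message": {"text": "KeyGenerator initialised with a key size below the minimum."},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/main/java/example/Crypto.java"},
                 "region": {"startLine": 31}}}]},
            # A result with no location at all is legal SARIF; it must not be dropped.
            {"ruleId": "TypestateError", "level": "warning",
             "message": {"text": "Cipher.doFinal() called before Cipher.init()."},
             "locations": []},
        ],
    }],
})


def load_findings(sarif_text):
    """Parse a SARIF document and flatten every result into a small dict.

    A missing "level" defaults to "warning", as the SARIF spec prescribes,
    and results without a location (or whose location lacks a region) still
    come through with file/line set to None.
    """
    doc = json.loads(sarif_text)
    findings = []
    for run in doc.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for result in run.get("results", []):
            file_uri = line = None
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                file_uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                break  # the first location is the primary one
            findings.append({
                "tool": tool,
                "rule": result.get("ruleId", "unknown"),
                "level": result.get("level", "warning"),
                "message": result.get("message", {}).get("text", ""),
                "file": file_uri,
                "line": line,
            })
    return findings


def summarize(findings):
    """Count findings per rule ID for a one-line summary in the build log."""
    return Counter(f["rule"] for f in findings)


def should_fail_build(findings, fail_on=("error",)):
    """Return True if any finding has a level the CI policy treats as blocking."""
    return any(f["level"] in fail_on for f in findings)


def main(argv):
    # Read a real report if a path is given, otherwise use the constructed sample.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_SARIF
    findings = load_findings(text)
    for f in findings:
        where = f"{f['file']}:{f['line']}" if f["file"] else "(no location)"
        print(f"[{f['level']}] {f['rule']} at {where}: {f['message']}")
    print("summary:", dict(summarize(findings)))
    return 1 if should_fail_build(findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without arguments to see the constructed sample processed, or pass the path of a SARIF file as the first argument; the exit status can then be used directly as a pipeline step result. Adjust `fail_on` if warnings should also block the build.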
Please see the individual folders for detailed information about building and installing.
TODO
- The Maven plugin currently only supports the JCA CrySL ruleset.
This work is part of the research project "AppSecure.nrw - Security-by-Design of Java-based Applications". The project is funded by the European Regional Development Fund (ERDF-0801379).