Goanna 3.4 Released
The Red Lizards team is pleased to announce the release of version 3.4 of the Goanna suite of static analysis tools across all product lines!
New Security Package
A new checks package is now included with Goanna, specifically targeted at finding security vulnerabilities in your code. This package includes checks for vulnerabilities listed in the SANS Top 25, OWASP and other weaknesses identified by CWE. These checks track the flow of data through a program to determine which parts of your code can be influenced by user input. New checks in the security package catch vulnerabilities such as SQL injection, user-controlled buffer overrun and possible user-controlled code execution.
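To illustrate the kind of path such a data-flow check follows, here is an added C example (not Goanna's own code, and not from the release): a length byte read from a user-supplied message flows into a memcpy without being compared against the destination buffer, beside a hardened version that adds the missing bound. The message layout, the RECORD_MAX size and the sample messages are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed scenario (not Goanna's own code): a fixed-size record is filled
   from a length-prefixed message whose first byte, the length, is user input. */
#define RECORD_MAX 16

/* Vulnerable form. The length taken from msg[0] is tainted; it is checked
   against the source (the message) but never against the destination, so a
   message with msg[0] > RECORD_MAX overruns `out`. This is the sort of path a
   data-flow check reports as a user-controlled buffer overrun. */
int copy_record_unchecked(const uint8_t *msg, size_t msg_len, uint8_t *out) {
    if (msg_len < 1) return -1;
    size_t len = msg[0];                 /* tainted length */
    if (msg_len < 1 + len) return -1;    /* source bound only */
    memcpy(out, msg + 1, len);           /* sink: no bound on `out` */
    return (int)len;
}

/* Hardened form: the destination size travels with the buffer, and the tainted
   length is compared against it before the sink is reached. */
int copy_record_checked(const uint8_t *msg, size_t msg_len,
                        uint8_t *out, size_t out_len) {
    if (msg_len < 1) return -1;
    size_t len = msg[0];
    if (len > out_len) return -2;        /* destination bound: the missing check */
    if (msg_len < 1 + len) return -1;
    memcpy(out, msg + 1, len);
    return (int)len;
}

/* Constructed sample messages. */
static const uint8_t GOOD_MSG[] = { 4, 'a', 'b', 'c', 'd' };   /* fits */
static const uint8_t TRUNC_MSG[] = { 10, 'a' };                /* claims more than it carries */
static const uint8_t OVERSIZED_MSG[1 + 32] = { 32 };            /* length exceeds RECORD_MAX */

/* Copies into a RECORD_MAX buffer with the hardened function and returns its code. */
int record_result(const uint8_t *msg, size_t msg_len) {
    uint8_t rec[RECORD_MAX];
    return copy_record_checked(msg, msg_len, rec, sizeof rec);
}

int main(void) {
    printf("good=%d trunc=%d oversized=%d\n",
           record_result(GOOD_MSG, sizeof GOOD_MSG),
           record_result(TRUNC_MSG, sizeof TRUNC_MSG),
           record_result(OVERSIZED_MSG, sizeof OVERSIZED_MSG));
    return 0;
}
```

The unchecked function is kept only to show the pattern a checker flags; nothing here calls it with an oversized message.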
For a full list of changes, download the release notes.
New Project Level Utilities
Goanna 3.4 includes a new set of project-level utilities that improve usability over previous versions. As part of these new tools, all Goanna information is now stored in a .goanna directory, which by default is at the root of your project. The new commands available with Goanna 3.4 are:
- goanna-init — initialises the per-project data/configuration storage directory (.goanna by default)
- goanna-trace — performs a build trace that can be used to analyse a project
- goanna-analyse — performs the analysis of the recorded build trace
- goanna-package — enables/disables packages and checks on a per-project basis
- goanna-report — generates XML and HTML report files from the analysis results
- goanna-snapshot — creates a snapshot that will be displayed in the Goanna dashboard
Improved Build Recording
goanna-trace, included with Goanna 3.4, is a new utility used to capture project information by analysing your project's build process. This tool provides far better accuracy than the previous recording tools (e.g. goannamake) by capturing the whole environment in which a build is run. This enables Goanna to more accurately emulate your compiler and its environment when performing analysis. In addition to the improved accuracy, goanna-trace is able to handle more build systems than before.