Goanna 3.4 Released

The Red Lizards team is pleased to announce the release of version 3.4 of the Goanna suite of static analysis tools across all product lines!

New Security Package

A new checks package is now included with Goanna, specifically targeted at finding security vulnerabilities in your code. This package includes checks for vulnerabilities listed in SANS Top 25, OWASP and other vulnerabilities identified by CWE. These checks track the flow of data through a program to determine which parts of your code can be influenced by user input. New checks in the security package catch vulnerabilities such as SQL injection, user-controlled buffer overrun and possible user-controlled code execution.

For a full list of changes click here to download the release notes.

New Project Level Utilities

Goanna 3.4 includes a new set of project level utilities that improve usability over previous versions. As part of these new tools, all Goanna information is now stored in a .goanna directory, which by default is at the root of your project. The new commands available with Goanna 3.4 are:

  • goanna-init — initialises the per-project data/configuration storage directory (.goanna by default) 
  • goanna-trace — performs a build trace that can be used to analyse a project
  • goanna-analyse — performs analysis of the recorded build trace
  • goanna-package — enables/disables packages and checks on a per-project basis
  • goanna-report — generates XML and HTML report files from the analysis results
  • goanna-snapshot — creates a snapshot that will be displayed in the Goanna dashboard

For existing customers, a new README contains information about migrating from the old tools to the new project level tools.

Improved Build Recording

goanna-trace, included with Goanna 3.4, is a new utility that captures project information by analysing your project's build process. This tool provides far better accuracy than the previous recording tools (e.g. goannamake) by capturing the whole environment in which a build is run. This enables Goanna to more accurately emulate your compiler and its environment when performing analysis. In addition to accuracy, goanna-trace is able to handle more build systems than before.

Get Goanna 3.4 Today!

For existing customers, click here to download. For new customers, request an evaluation.
