This public forum is meant for questions and discussions about Visual FoxPro

TOPIC:

Security Scan for X# 10 Sep 2020 17:37 #15867

  • markus.lopin

  • Topic Author


  • Posts: 2
  • Hi,

    We are considering X# for replacing some of our VFP components. We have the requirement for security scan support (e.g. SonarQube) if we introduce a new programming language. Is there any known tool or SonarQube plug-in which can support this search for bugs, vulnerabilities and code smells for X#, or maybe on MSIL/CIL level?

    Thank you
    Markus

    Security Scan for X# 10 Sep 2020 19:31 #15869

  • robert


  • Posts: 1862
  • Markus,
    I am not familiar with SonarQube, but if this product can scan IL code, such as produced by C# and VB, then it should have no problem with assemblies produced by X#. We are using the same underlying components as C# and VB to produce our binaries.
    If SonarQube scans source code then it most likely does not support X#.

    Robert
    XSharp Development Team
    The Netherlands

    Security Scan for X# 11 Sep 2020 07:41 #15870

  • markus.lopin

  • Topic Author


  • Posts: 2
  • Robert,
    Thank you for your fast response. SonarQube has dedicated VB/C# plug-ins and I have not found any IL scanner. I was curious if someone in the forum would know a tool for IL security scanning or would have the same request.
    Markus

    Security Scan for X# 21 Sep 2020 11:50 #15920

  • VR


  • Posts: 1
  • Hello,

    We use SonarQube for some of our C# projects. I tried to see whether the dotnet scanner of SonarQube picks up X# code, but sadly that is not the case.

    It is possible to create plugins for SonarQube to add new languages. I created a proof of concept that scans X# code and counts statements and comments, but it's quite complicated. IMO, one possible way to implement the integration is to use the XSharpParser or XSharpCompiler to create a file with the parsed source file and a plugin that imports this data into SonarQube.

    Volkmar
