What is it?
Owasp Orizon is a source code static analysis tool like FindBugs, PMD, or their commercial counterparts such as Fortify SCA or IBM Rational Ounce 6 (formerly known as Ounce 6 by Ounce Labs).
Owasp Orizon is part of the Owasp project. It was started back in 2006 and was intended to be a framework for all open source static analysis tools. Over the years, the project's goals evolved, and now Owasp Orizon is:
- a standalone tool written in Java
- a J2EE web application intended to be used in a distributed environment (e.g. a widespread enterprise internal code review team)
- an engine that can be embedded in security tools
Who is it intended for?
Owasp Orizon is intended to be used by security specialists, code reviewers, source code testers and developers with a hackish mindset.
What can I do with it?
Well, using Owasp Orizon you can perform a security code review of your code, making sure it follows the recommendations contained in the Owasp Build Guide and the Owasp Code Review Guide.
Seems to be cool. Tell me more...
It's easy. Use the menu to navigate this website. The first thing you may want to do is read more about the Owasp Orizon internals to discover how things work internally.
You may want to start with the tool's architecture to figure out which are the base components of the system. Then you can go further by looking at the Owasp Orizon kernel to discover the tool's engine-based layout.
Finally, you can take a look at the roadmap to see the project status and which actions will be taken next.
Then you may want to download the code, learn it, love it and try to write some cool stuff to improve the tool. Otherwise you can simply download the binary package and then start using it in your real-world work.
I'm a developer dude, I want to contribute...
It's great. Follow the instructions you can find here and start hacking.
Last modified: Fri Nov 20 10:07:12 UTC 2009, by thesp0nge