Tool and Usage
Shellyzer helps with static code analysis for both developers and security professionals, to test the quality of shell scripts. This is also known as linting.
Why this tool?
Shell scripts are easy to create and often used by system administrator and developers. Although the language is fairly easy, there is a good number of best practices when creating them. Tools like Shellyzer can help auditing these scripts and improve the code or discover vulnerabilities.
How it works
Shellyzer parses a shell script and performs 'linting'. This process checks for proper syntax and find flaws in specific usage of variables and system calls.
Usage and audience
Shellyzer is commonly used for code analysis. Target users for this tool are developers and security professionals.
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
- - Unknown project license
Similar tools to Shellyzer:
Brakeman is a static code analysis tool for Ruby on Rails to perform a security review. It comes as an open source project with optional commercial support.
Cppcheck is a static code analysis tool for C and C++ code. It helps to discover bugs that would not be picked up by compilers, yet avoid any false positives.
Graudit is a security tool to perform static code analysis by using the grep tool. It is a lightweight solution to find common issues in code.