Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe

May 2019 • Technical Report

Lori Flynn, Ebonie McNeil, David Svoboda, Derek Leung, Zachary Kurtz, Jiyeon Lee (Carnegie Mellon University)

This report summarizes progress and plans for developing a system to perform automated classification and advanced prioritization of static analysis alerts.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2019-TR-007

DOI (Digital Object Identifier):

10.1184/R1/12363575.v1

Subjects

Abstract

This report summarizes technical progress and plans as of late September 2018 for developing a system to perform automated classification and advanced prioritization of static analysis alerts. Many features and fields have been added to the Source Code Analysis Laboratory (SCALe) static analysis alert auditing tool to support this functionality. This report describes the new features and fields, and how to use them. It also describes the plan to connect this enhanced version of SCALe to an architecture that will provide classification and prioritization via API calls, and provides the API definition that has been developed. A prototype that instantiates the architecture is being developed; future work will complete the prototype and integrate the latest version of SCALe with it.

Download PDF

Cite This Report

SEI

Flynn, Lori; McNeil, Ebonie; Svoboda, David; Leung, Derek; Kurtz, Zach; & Lee, Jiyeon. Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe. CMU/SEI-2019-TR-007. Software Engineering Institute, Carnegie Mellon University. 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=546157

IEEE

Flynn. Lori, McNeil. Ebonie, Svoboda. David, Leung. Derek, Kurtz. Zach, and Lee. Jiyeon, "Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2019-TR-007, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=546157

APA

Flynn, Lori., McNeil, Ebonie., Svoboda, David., Leung, Derek., Kurtz, Zach., & Lee, Jiyeon. (2019). Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe (CMU/SEI-2019-TR-007). Retrieved March 27, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=546157

CHI

Lori Flynn, Ebonie McNeil, David Svoboda, Derek Leung, Zach Kurtz, & Jiyeon Lee. Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe (CMU/SEI-2019-TR-007). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2019. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=546157

MLA

Flynn, Lori., McNeil, Ebonie., Svoboda, David., Leung, Derek., Kurtz, Zach., & Lee, Jiyeon. 2019. Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe (Technical Report CMU/SEI-2019-TR-007). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=546157

BibTex

@techreport{FlynnIntegrationof2019,
title={Integration of Automated Static Analysis Alert Classification and Prioritization with Auditing Tools: Special Focus on SCALe},
author={Lori Flynn and Ebonie McNeil and David Svoboda and Derek Leung and Zach Kurtz and Jiyeon Lee},
year={2019},
number={CMU/SEI-2019-TR-007},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=546157} }

Ask a question about this Technical Report

Software Engineering Institute