That's sneaky. Do any code scanners check for that class of vulnerability?
Scanning for external dependencies is common but not so much internal private libraries.
https://linuxsecurity.expert/compare/tools/linux-auditing-to... shows a few.
I've used Tiger/Saint/Satan/COPS in the distant past. But I think they're somewhat obsoleted by modern packaging and security like AppArmor and SELinux, not to mention Docker and similar isolators.
Code scanners cannot protect you from code execution on your machine.