http://www.sei.cmu.edu/feeds/tag/Updates on changes and additions to the SEI Blog for posts matching SCALE: A Static Analysis Auditing Toolen-usMon, 25 Oct 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/release-of-scaife-system-version-200-provides-support-for-continuous-integration-ci-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesKey features in new release of SCAIFE System Version 2.0.0 including support for continuous-integration (CI) systems, and status of evolving SEI SCAIFE workLori FlynnMon, 25 Oct 2021 00:00:00 -0400https://www.sei.cmu.edu/blog/release-of-scaife-system-version-200-provides-support-for-continuous-integration-ci-systems/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesContinuous Deployment of CapabilitySCALE: A Static Analysis Auditing ToolSecure CodingMachine LearningStatic AnalysisStatic Analysis Classification and PrioritizationSecure DevelopmentArtificial IntelligenceSource Code Analysis Integrated Framework Environment (SCAIFE)https://www.sei.cmu.edu/blog/release-scaife-system-version-100-provides-full-gui-based-static-analysis-adjudication-system-meta-alert-classification/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThe SEI Source Code Analysis Integrated Framework Environment (SCAIFE) is a modular architecture designed to enable a wide variety of tools, systems, and users to use artificial intelligence (AI) classifiers for static-analysis meta-alerts at relatively low cost and effort.Lori FlynnMon, 14 Dec 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/release-scaife-system-version-100-provides-full-gui-based-static-analysis-adjudication-system-meta-alert-classification/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSource Code Analysis Integrated Framework Environment (SCAIFE)Static Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/public-repository-data-static-analysis-classification-research/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesThis blog post describes a new repository of labeled data that CERT is making publicly available for many code-flaw conditions. Researchers can use this dataset along with the associated code and tool output to monitor and test the performance of their automated classification of meta-alerts.Lori FlynnMon, 02 Nov 2020 00:00:00 -0500https://www.sei.cmu.edu/blog/public-repository-data-static-analysis-classification-research/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing ToolSource Code Analysis Integrated Framework Environment (SCAIFE)https://www.sei.cmu.edu/blog/managing-static-analysis-alerts-with-efficient-instantiation-of-the-scaife-api-into-code-and-an-automatically-classifying-system/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesLearn how the SEI's SCAIFE API helps classify and prioritize static analysis alerts, reduce manual effort, and improve accuracy in identifying code flaws.Lori FlynnMon, 14 Sep 2020 00:00:00 -0400https://www.sei.cmu.edu/blog/managing-static-analysis-alerts-with-efficient-instantiation-of-the-scaife-api-into-code-and-an-automatically-classifying-system/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/an-application-programming-interface-for-classifying-and-prioritizing-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesIn this post, we describe the Source Code Analysis Integrated Framework Environment (SCAIFE) application programming interface (API). SCAIFE is an architecture for classifying and prioritizing static analysis alerts.Lori Flynn, Ebonie McNeilMon, 22 Jul 2019 00:00:00 -0400https://www.sei.cmu.edu/blog/an-application-programming-interface-for-classifying-and-prioritizing-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic Analysis Classification and PrioritizationSCALE: A Static Analysis Auditing Toolhttps://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesStatic analysis tools analyze code without executing it, to identify potential flaws in source code. These tools produce a large number of alerts with high false-positive rates that an engineer must....Lori Flynn, Ebonie McNeilMon, 17 Dec 2018 00:00:00 -0500https://www.sei.cmu.edu/blog/scale-v-3-automated-classification-and-advanced-prioritization-of-static-analysis-alerts/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSCALE: A Static Analysis Auditing ToolSecure CodingStatic Analysis Classification and PrioritizationSecure DevelopmentCyber Missionshttps://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesExperience shows that most software contains code flaws that can lead to vulnerabilities. Static analysis tools used to identify potential vulnerabilities in source code produce....Lori FlynnMon, 24 Sep 2018 00:00:00 -0400https://www.sei.cmu.edu/blog/scale-a-tool-for-managing-output-from-static-analysis-tools/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updatesSecure CodingSecure DevelopmentStatic Analysis Classification and PrioritizationCyber MissionsSCALE: A Static Analysis Auditing Tool