Logo des Repositoriums
 

IDE Support for Cloud-Based Static Analyses

dc.contributor.authorLuo, Linghui
dc.contributor.authorBodden, Eric
dc.contributor.editorGrunske, Lars
dc.contributor.editorSiegmund, Janet
dc.contributor.editorVogelsang, Andreas
dc.date.accessioned2022-01-19T12:56:53Z
dc.date.available2022-01-19T12:56:53Z
dc.date.issued2022
dc.description.abstractWe present a user study with developers at Amazon Web Services on their expectations of IDE support for cloud-based static analyses. The paper was originally presented at ESEC/FSE 2021. Many companies are providing Static Application Security Testing (SAST) tools as a service. These tools fit well into CI/CD, because CI/CD allows time for deep static analyses on large code bases and prevents vulnerabilities in the early stages of the development lifecycle. In CI/CD, the SAST tools usually run in the cloud and provide findings via a web interface. Recent studies show that developers prefer seeing the findings of these tools directly in their IDEs. Most tools with IDE integration run lightweight static analyses and can give feedback at coding time, but SAST tools take longer to run and usually are not able to do so. Can developers interact directly with a cloud-based SAST tool that is typically used in CI/CD through their IDE? We conducted a user study to explore how such IDE support should be designed. Through this study we identified the key design elements expected by developers and investigated whether an IDE solution fits better into developers’ workflow in comparison to a web-based solution.en
dc.identifier.doi10.18420/se2022-ws-019
dc.identifier.isbn978-3-88579-714-2
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/37971
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSoftware Engineering 2022
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-320
dc.subjectIDE integration
dc.subjectStatic analysis
dc.subjectCloud service
dc.subjectSAST tools
dc.subjectSecurity testing
dc.titleIDE Support for Cloud-Based Static Analysesen
dc.typeText/Conference Paper
gi.citation.endPage63
gi.citation.publisherPlaceBonn
gi.citation.startPage61
gi.conference.date21.-25. Feburar 2022
gi.conference.locationBerlin/Virtuell
gi.conference.sessiontitleWissenschaftliches Hauptprogramm

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
A1-19.pdf
Größe:
161.1 KB
Format:
Adobe Portable Document Format