Vulnerable Source Code Detection Using Sonarcloud Code Analysis

Alifia Puspaningrum; Muhammad Anis Al Hilmi; Darsih; Muhamad Mustamiin; Maulana Ilham Ginanjar

doi:10.5220/0011862600003575

Vulnerable Source Code Detection Using Sonarcloud Code Analysis

Alifia Puspaningrum, Muhammad Anis Al Hilmi, Darsih, Muhamad Mustamiin, Maulana Ilham Ginanjar

2022

Abstract

In Software Development Life Cycle (SDLC), security vulnerabilities are one of the points introduced during the construction stage. Failure to detect software defects earlier after releasing the product to the market causes higher repair costs for the company. So, it decreases the company’s reputation, violates user privacy, and causes an unrepairable issue for the application. The introduction of vulnerability detection enables reducing the number of false alerts to focus the limited testing efforts on potentially vulnerable files. UMKM Masa Kini (UMI) is a Point of Sales application to sell any Micro, Small, and Medium Enterprises Product (UMKM). Therefore, in the current work, we analyze the suitability of these metrics to create Machine Learning based software vulnerability detectors for UMI applications. Code is generated using a commercial tool, SonarCloud. Experimental result shows that there are 3,285 vulnerable rules detected.

Download

Paper Citation

in Harvard Style

Puspaningrum A., Anis Al Hilmi M., Darsih., Mustamiin M. and Ilham Ginanjar M. (2022). Vulnerable Source Code Detection Using Sonarcloud Code Analysis. In Proceedings of the 5th International Conference on Applied Science and Technology on Engineering Science - Volume 1: iCAST-ES; ISBN 978-989-758-619-4, SciTePress, pages 683-687. DOI: 10.5220/0011862600003575

in Bibtex Style

@conference{icast-es22,
author={Alifia Puspaningrum and Muhammad Anis Al Hilmi and Darsih and Muhamad Mustamiin and Maulana Ilham Ginanjar},
title={Vulnerable Source Code Detection Using Sonarcloud Code Analysis},
booktitle={Proceedings of the 5th International Conference on Applied Science and Technology on Engineering Science - Volume 1: iCAST-ES},
year={2022},
pages={683-687},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011862600003575},
isbn={978-989-758-619-4},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Conference on Applied Science and Technology on Engineering Science - Volume 1: iCAST-ES
TI - Vulnerable Source Code Detection Using Sonarcloud Code Analysis
SN - 978-989-758-619-4
AU - Puspaningrum A.
AU - Anis Al Hilmi M.
AU - Darsih.
AU - Mustamiin M.
AU - Ilham Ginanjar M.
PY - 2022
SP - 683
EP - 687
DO - 10.5220/0011862600003575
PB - SciTePress