Blade Tool Output Integration Framework
Blade Tool Output Integration Framework (TOIF) is a powerful software vulnerability detection platform. It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools in a single uniform view with unified reporting.
It leverages OMG Software Assurance Ecosystem standards, Software Fault Patterns (SFPs), and Common Weakness Enumerations (CWEs).
Composite Vulnerability Analysis & Reporting. Blade TOIF’s plug-and-play environment provides a foundation for composite vulnerability analysis by normalizing, semantically integrating, and collating findings from existing vulnerability analysis tools.
Improves breadth and accuracy of off-the-shelf vulnerability analysis tools. Provides a powerful vulnerability analysis and management environment for analyzing, reporting and fixing discovered weaknesses.
Seamless Integration. Out of the box, Blade TOIF seamlessly integrates into the Eclipse Development Environment and with five open-source vulnerability analysis tools:
- CppCheck
- RATS
- Splint
- SpotBugs
- Jlint
Blade TOIF Integration
Integrates into Eclipse development environment:
- Execute Blade TOIF (desktop deployment) from within Eclipse with progress bar
- Automatically see defect findings in Eclipse
- Use the “TOIF Analyze” easy button in the Eclipse toolbar and in the Blade TOIF main menu
- Run it on a subset of project files/directories
- Filter the defect findings listed in the Blade TOIF Findings view, based on the selected project data in the Project Explorer in Eclipse
Blade TOIF Key Capabilities
- Integrates multiple vulnerability detection tools and their findings as “data feeds” into a common repository
- Addresses wider breadth and depth of vulnerability coverage
- Common processing of results
- Normalizes and collates “data feeds” based on discernable patterns described as Software Fault Patterns (SFPs) and CWEs
- Provides one prioritized report with weighted results across tools/vendors
- Uses an RDF repository and provides external Java API for additional analysis capabilities
- Integrates out-of-box with: CppCheck, RATS, Splint, SpotBugs and Jlint
- Defect Description view provides information related to the cluster, SFP, and CWE description of the selected defect instance in the Blade TOIF Findings view
- Defect findings, including citing information, can be exported to *.tsv file and subsequently imported to another Blade TOIF project
- Installation wizard, auto-detection and configuration of open source software (OSS) static code analysis (SCA) tools
- Supports load build integration to import results generated from the server/load build to the desktop
- Automated risk analysis
- Automated vulnerability detection and analysis
- Traceability
- Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact