Question
· Aug 15, 2022

Security Scans

We are looking for a 3rd party application that can scan our IRIS based Cache Object Script code for vulnerabilities or coding weaknesses.  There are many, many applications/vendors out there that do code scanning but none seem to support Cache Object Script or scanning the IRIS environment.   If anyone is aware of a company/product that can scan our code / IRIS environment, I would love to hear about it.

Thanks in advance for the help.

Mike

Product version: IRIS 2022.1
$ZV: IRIS for Windows (x86-64) 2022.1 (Build 209U) Tue May 31 2022 12:16:40 EDT
Discussion (3)1
Log in or sign up to continue

Hi, Yeah at this time no one security scanner supports ObjectScript. There are a few reasons for it. 

At this time, the only tool closest to it is ObjectScriptQuality, which can scan for possible bugs right now. But can be extended for security scans as well. With proper funding, it's possible to do it there. But only as a scanner just for code.

Another way is to implement a very new especially for a Security scanning tool, a complete scanner for enironment.

If your company or other companies would like to invest in such a project, I can implement such tool.

And in fact, I've asked about this particular task at Global Summit 2022. And I'm really interested if any of the companies have this request too? Nowadays, there are a lot of such tools for many programming languages but ObjectScript. And in some cases it could become a requirement, to scan your application, no matter the language it's written.

I hope, that maybe someone from InterSystems may add something. Pinging @Andreas Dieckow