Kurt Bonnet wrote to tell me that two tools from Atlassian, Crucible (used for code review), and FishEye (used for source code repository analysis), now support CFML (as of version 1.3.5).
Kurt Bonnet wrote to tell me that two tools from Atlassian, Crucible (used for code review), and FishEye (used for source code repository analysis), now support CFML (as of version 1.3.5).
I hope there is a trial edition – I’m very curious to see what kind of suggestions the tools make.
@ Ray
I think you may have a bit of a misunderstanding as to what Crucible does. Crucible is an awesome product that helps facilitate code reviews, its not a static analysis tool. It will show, more accurately now, changes from one version to anot
So you mean it just helps collect code reviews? Then how does it ‘support’ CF then?
Ray, the docs on FishEye say that CFML syntax highlighting was added.
The FishEye + JIRA combination is simply fantastic – well worth the trial downloads. Haven’t looked at crucible as I’m lead of a team of two.
Great products, and available free in support of Open Source projects.
Any suggestions for a static code analysis tool that checks for security vulnerabilities for ColdFusion 7 and 8?
What makes either of these any better than the open source Trac tool?
(Disclaimer: I’m biased I sold FishEye, Crucible & Clover to Atlassian)
> What makes either of these any better than the open source Trac tool?
Trac is a great tool, no question. However, the Atlassian tools are much richer standalone products that also work together pretty well. E.g. Trac provides source browsing and a changelog as a handy adjunct – FishEye provides source browsing, per user feeds, spanky annotations, line history, comprehensive search, and API among other stuff. A similar story for the other Trac features; issues – JIRA, wiki – Confluence, source – FishEye. There are also other tools available include Crucible – peer code review and Bamboo a CI tool.
So it really depends on what you want/need, Trac gives you a lot of nicely integrated stuff. Atlassian’s tools provide heaps more features but do add more complexity (and they cost a few dollars for commercial use). Give them a whirl and see if they help. Remember there is no reason you can’t use Trac and FishEye.
Any cheap suggestions for a static code analysis tool that checks for security vulnerabilities for my ColdFusion 7 and 8 code? That would be nice. Real nice.
There is a code analyzer tool bult in, gointo the admin panel and you will se eit in the left. It reports any compatability issues and depracted tags.
DT, in case you are subscribed to this still, check out HP’s scrawler. It is a SQL injection crawler. Its free from HP, with the hope you buy into their enterprise suite I am sure. Might check it out.
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx
Leave a Reply