I currently work for Micro Focus, and we have the "Fortify" product line. I am NOT in that group, however, and I really don't know if it does what you are looking for or not - although I know it does have support for scanning mainframe COBOL for vulnerabilities. I don't know about HLASM.
Something you may want to explore, if you haven't already investigated it. Rich Way -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Smith Sent: Friday, December 07, 2018 2:14 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Code vulnerability Depends on what kind of vulnerability you're looking for. z/OS itself isn't the only valuable thing you have. sas On Fri, Dec 7, 2018 at 2:11 PM Charles Mills <charl...@mcn.org> wrote: > Ray Overby at Key Resources, Inc. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of scott Ford > Sent: Friday, December 7, 2018 10:04 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Code vulnerability > > All, > > We write in Enterprise Cobol and HLASM and had a reseller asked us if > we scanned our Cobol code and HLASM code for vulnerabilities ..Does > software for this exist ? I know according to one of our people > Sonarcube can do Cobol scans, but is expensive , like $50000. > > Has anyone heard on any other software does this function and what > would they be looking for since we dont use and third party libraries ? > > Best Regards, > > *IDMWORKS * > > Scott Ford > > z/OS Dev. > > > > > “By elevating a friend or Collegue you elevate yourself, by demeaning > a friend or collegue you demean yourself” > > > > www.idmworks.com > > scott.f...@idmworks.com > > Blog: www.idmworks.com/blog > > > > > > *The information contained in this email message and any attachment > may be privileged, confidential, proprietary or otherwise protected > from disclosure. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, > distribution, copying or use of this message and any attachment is > strictly prohibited. If you have received this message in error, > please notify us immediately by replying to the message and > permanently delete it from your computer and destroy any printout > thereof.* > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- sas ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN