AVCDL static analysis overview

This training covers an overview of Static Analysis. AVCDL repo: https://github.com/AVCDL/AVCDL training material source: https://github.com/AVCDL/AVCDL/tree/main/training/static%20analysis%20-%20overview/ References: Secure Settings Document (AVCDL secondary document) Static Analysis Report (AVCDL secondary document) Static Analysis Results Interchange Format (SARIF) Version 2.1.0 https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/sarif-v2.1.0-os.pdf Static Program Analysis https://en.wikipedia.org/wiki/Static_program_analysis PDP-8I wire-wrapped backplane (Dave Fischer - CC BY-SA 3.0) https://commons.wikimedia.org/wiki/File:PDP-8I-backplane.jpg https://creativecommons.org/licenses/by-sa/3.0/deed.en How much do bugs cost to fix during each phase of the SDLC? https://www.synopsys.com/blogs/software-security/cost-to-fix-bugs-during-each-sdlc-phase/ Path to Improve Product Quality, Reliability and Customer Satisfaction https://ieeexplore.ieee.org/document/497665 Chapters: 00:00 Title 00:09 Training Path 00:37 Introduction 02:00 Analysis Mechanism 02:06 Static Analysis Mechanism 03:03 Static Analysis Tools 04:22 Workflow 04:32 Process Workflow 04:50 Activities 04:56 Establish Settings 05:59 Secure Settings 06:32 Perform Analysis 08:26 Triage 09:36 Static Analysis Report 11:38 Recap 11:45 Summary 12:36 Further Reading 12:46 AVCDL on GitHub 13:05 AVCDL on YouTube 13:21 Next Steps 13:34 References