Continuous monitoring system for source code weaknesses
- Mentors: Athos Ribeiro
- Organization: Fedora Project
Developing software is a creative activity and, because it is carried out by humans, it is subject to defects. Many kinds of defects can occur in a software project, but the ones that interest us most are those in the product of the project, that is, the source code. Source code defects can be called weaknesses, and depending on their characteristics they can lead to security vulnerabilities. In medium and large projects, finding such weaknesses by manually inspecting every module is infeasible, all the more so because active projects release new versions of their product with some frequency, and those versions may introduce new weaknesses. During the Google Summer of Code period, I intend to build a system that allows several static analysis tools to be run over source code packages. For the past few months I have been working on Debile, a tool created by the Debian community to run static analysis on Debian packages. Making this tool more generic will allow it to analyze other sources of source code, and that is the main objective I want to reach.
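To make the idea of "one runner, several analyzers" concrete, here is an added example written for this page; it is not Debile's code and does not describe Debile's internal design. It assumes a pluggable analyzer interface (the `Analyzer`, `BannedCallAnalyzer`, `CppcheckAnalyzer` and `run_all` names are invented for the example), a toy built-in check for unbounded C string calls, and a wrapper around the real `cppcheck` CLI using its `--template` option that is skipped when the tool is not installed. The C file it scans is constructed inline so the example runs offline.

```python
"""Toy multi-analyzer runner for a source tree (added example, not Debile)."""
import re
import shutil
import subprocess
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Finding:
    """One normalized weakness report, whichever tool produced it."""
    tool: str
    path: str      # path relative to the scanned tree, POSIX separators
    line: int
    message: str


class Analyzer:
    """Hypothetical plugin interface: each tool reports whether it can run and returns Findings."""
    name = "base"

    def available(self) -> bool:
        return True

    def run(self, tree: Path) -> List[Finding]:
        raise NotImplementedError


class BannedCallAnalyzer(Analyzer):
    """Built-in check: flag C library calls that take no length argument."""
    name = "banned-calls"
    BANNED = re.compile(r"\b(gets|strcpy|strcat|sprintf)\s*\(")

    def run(self, tree: Path) -> List[Finding]:
        findings = []
        for src in sorted(tree.rglob("*.c")):
            rel = src.relative_to(tree).as_posix()
            for lineno, text in enumerate(src.read_text(errors="replace").splitlines(), 1):
                m = self.BANNED.search(text)
                if m:
                    findings.append(Finding(self.name, rel, lineno,
                                            f"call to {m.group(1)}() has no bounds argument"))
        return findings


class CppcheckAnalyzer(Analyzer):
    """Wrapper for the external cppcheck tool; its output is parsed into Findings."""
    name = "cppcheck"
    LINE = re.compile(r"^(?P<path>.+?):(?P<line>\d+):(?P<msg>.*)$")

    def available(self) -> bool:
        return shutil.which("cppcheck") is not None

    def run(self, tree: Path) -> List[Finding]:
        proc = subprocess.run(
            ["cppcheck", "--quiet", "--template={file}:{line}:{severity}: {message}", str(tree)],
            capture_output=True, text=True)
        findings = []
        for raw in proc.stderr.splitlines():      # cppcheck reports on stderr
            m = self.LINE.match(raw.strip())
            if not m:
                continue
            p = Path(m.group("path"))
            rel = p.relative_to(tree).as_posix() if p.is_absolute() else p.as_posix()
            findings.append(Finding(self.name, rel, int(m.group("line")), m.group("msg")))
        return findings


def run_all(tree: Path, analyzers: Sequence[Analyzer]) -> Tuple[List[Finding], List[str]]:
    """Run every available analyzer; return merged findings plus names of skipped tools."""
    findings, skipped = [], []
    for a in analyzers:
        if not a.available():
            skipped.append(a.name)
            continue
        findings.extend(a.run(tree))
    findings.sort(key=lambda f: (f.path, f.line, f.tool))
    return findings, skipped


# Constructed sample "package": a single C file with two unbounded calls.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>
int main(void) {
    char buf[16];
    gets(buf);                              /* unbounded read */
    strcpy(buf, "hello world, too long");   /* unbounded copy */
    snprintf(buf, sizeof buf, "%s", "ok");  /* bounded, not flagged */
    return 0;
}
"""


def scan_sample(analyzers: Optional[Sequence[Analyzer]] = None):
    """Write the constructed sample into a temp tree and run the given analyzers over it."""
    analyzers = list(analyzers) if analyzers is not None else [BannedCallAnalyzer(), CppcheckAnalyzer()]
    with tempfile.TemporaryDirectory() as d:
        tree = Path(d)
        (tree / "src").mkdir()
        (tree / "src" / "main.c").write_text(SAMPLE_C)
        return run_all(tree, analyzers)


if __name__ == "__main__":
    results, skipped_tools = scan_sample()
    for f in results:
        print(f"{f.tool}: {f.path}:{f.line}: {f.message}")
    if skipped_tools:
        print("skipped (not installed):", ", ".join(skipped_tools))
```

The point of the design is that every tool, internal or external, is reduced to the same `Finding` record, so new analyzers can be added without touching the runner, and a tool that is missing on the host is reported as skipped rather than silently producing zero findings.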