Zoncolan: Using static analysis to prevent security issues - Facebook Engineering

Zoncolan helps security engineers scale their work by using static analysis to examine code and detect security or privacy issues.

Click to view the original at

Hasnain says:

I am unreasonably excited that I can finally share a bit more about Zoncolan which is one of our coolest technical innovations to date.

Watching on the sidelines/being partially involved with the development here has made me re-evaluate how I approach software development. Technical excellence combined with laser-focused attention to detail on user requirements does wonders.

"Zoncolan evaluates thousands of code changes per day. We have built extensive infrastructure for running Zoncolan, tracking the results, and providing access to those results. In 2018, Zoncolan helped find and triage more than 1,100 security issues with severity “significant” or higher, indicating they required immediate action. The distribution of those findings is as follows."

Posted on 2019-08-16T00:19:53+0000