SOURCES SOUGHT
70 -- SSA-RFI-10- Code Scanning Tool
- Notice Date
- 2/2/2010
- Notice Type
- Sources Sought
- NAICS
- 541512
— Computer Systems Design Services
- Contracting Office
- Social Security Administration, Office of Budget, Finance, and Management, Office of Acquisition and Grants, 1st Floor, Rear Entrance, 7111 Security Blvd., Baltimore, Maryland, 21244
- ZIP Code
- 21244
- Solicitation Number
- SSA-RFI-10-CodeScanningTool
- Archive Date
- 3/3/2010
- Point of Contact
- VALERIE N. KING, Phone: 410-965-6496, Kathy C Fain, Phone: 410-965-4853
- E-Mail Address
- VALERIE.N.KING@SSA.GOV, kathryn.fain@ssa.gov
- Small Business Set-Aside
- N/A
- Description
- The Social Security Administration is seeking to identify responsible vendors capable of providing an application mining tool to scan static programming language code. The objective of this action is to identify and evaluate prospective tool providers and their solutions relative to the Agency's strategy and requirements. The agency will evaluate responses based on functional, technical and commercial merit. The agency will pursue further due diligence, including but not limited to solution demonstrations, detailed questions, and proof of concept workshops. Vendors with the ability to meet the requirements listed below should submit complete details. The responses must clearly state how their product provides the ability to meet the requirements. Interested parties must respond to this notice within 14 calendar days from the date of this publication. Vendors responding should indicate whether their products are available on the GSA schedule. Pricing data may be submitted. This is not a request for proposal and the government does not intend to pay for information submitted.

  The product must be able to support the following minimum information requirements:

  Programming Languages
  - The product must support the scanning of code in a static state for either or both of the following:
    - JAVA - 1.4, 5.x and related (.JAR, .EAR) files
    - COBOL - Enterprise (LE) or COBOL 3

  General requirements
  - The product must support one or more of the following capabilities in a static code state:
    - Identify program structure, flow, and data connections
    - Identify problems and issues based on coding best practices
    - Identify security vulnerabilities
  - The product must be full featured and easy to use. Describe the main features of the product and the basis for the ease-of-use determination.

  Vendors with the ability to meet the requirements listed above should provide answers to the following capabilities of their product where they pertain:

  Platform - Identify the system requirements to support the product, such as the following:
  - Type of server required
  - Operating system and release
  - Database needs
  - Etc.

  General Features - Identify if the product has the following capabilities:
  - Display program flow graphically
  - Calculate complexity metrics (Halstead and/or McCabe)
  - Locate unused or dead code
  - Scan code for best practices and determine potential problems
  - Identify calls to stored procedures
  - Identify calls to files
  - Identify file processing type (e.g. stream or record based)
  - Identify calls to other programs
  - Calculate total lines of code
  - Scan for commented and uncommented code and report results
  - Locate duplications of processes in the code base
  - Ability to run in a batch and/or online mode
  - Ability to customize the product to fit the goals or architecture of the agency

  Web Services - Capability to do the following:
  - Identify code as candidates for isolation as a service
  - Wrap code into a service callable from the web

  Security - Identify security vulnerabilities such as the following:
  - Encryption methods used
  - Security coding violations based on industry and Federal best practices
  - Meet Federal guidelines for tools, such as Security Content Automation Protocol (SCAP)

  File Operations - Identify the product's export capabilities, such as the following:
  - Export types (.txt, .xls, .csv)
  - Export UML diagrams
  - Export into an XMI stream

  Database Connectivity - Identify connections made to databases:
  - Identify calls to databases including the type of access (Insert, Select, Update and Delete)

  Framework - Capability to understand the following frameworks:
  - JEE - 1.3 and higher
  - Struts - 1.x and higher
  - Hibernate - 2.0 and higher
  - AJAX
  - Web 2.0
  - List other supported frameworks

  Product - Capability to understand or interact with the following:
  - JMX
  - JDBC - Version 2 & 3
  - RAD - 7.x and higher
  - Eclipse - 3.2 and higher
  - CICS - TS v3.2
  - WebSphere - v6.x and higher
  - ISPF - v6.1
  - TSO - v1.11
  - Dialog Manager - v1.11
  - Active Directory
  - CA Top Secret - v14
  - DB2 - Version 8 and/or 9
  - Oracle - 10g and higher
  - List other supported products

  Source Code Libraries - Identify source code libraries the product can interact with, such as the following:
  - MKS - Version 2009
  - Endevor - Release 12 SP3
  - Provide list of additionally supported source code libraries

  Languages - Capability to understand the following:
  - JavaScript - v1.3 and higher
  - XML
  - HTML - version 4 and higher
  - XHTML - version 2 and higher
  - JSP - 2.3 and higher
  - ALC - HLASM (High Level Assembler) v6.0
  - JavaScript Object Notation (JSON)
  - JScript - version 5 and higher
  - jQuery - version 1.x and higher
  - SOA artifacts (WSDL, etc.)
  - COBOL - Enterprise (LE) or COBOL 3
  - Focus
  - WebFocus
  - Python - version 2.6 and 3.0
  - PHP
  - Perl
  - CLIST - v1.11
  - REXX
  - JCL
  - List additionally supported languages

  Costs - Detail the pricing structure of the product, such as the following:
  - Detail how the product is priced (by server, by client, by service, enterprise, etc.)

  JAVA specific - Identify if the product has the following capabilities:
  - Make distinction between 3rd party and handwritten code
  - List packages used within application
  - Measurement of thread objects created
  - Make correlation to JSP pages from JAVA code
  - Determine if the code is 508 compliant
  - Capture SQL generation
  - Java Docs API coding best practices
  - Check XML syntax (well formed and valid)
  - Check JavaScript for dead code
  - Check JAVA code for duplicate variables
  - Check CSS files for wrong attributes internal to the CSS member, e.g. bad HTML references
  - Identify whether variables and classes are defined at the correct level, global vs. local
  - Check for unused local variables, parameters, and private methods
  - Check for empty try, catch, finally and switch statements
  - Check for empty or unnecessary "if" statements
  - Find duplicate import statements
  - Check for unnecessary System.out and printStackTrace
  - Check for encryption policy
  - Parse .JAR, .EAR, .WAR, and .RAR

  COBOL specific - Identify if the product has the following capabilities:
  - Identify and maintain relationships between code, link, package, plan and executable program (JCL, CLIST, REXX)
  - Identify where file, working storage and linkage section fields are being used within the program; indexed and searchable
  - Capture SQL generation
  - Check COBOL for dead code
  - Identify JCL that manipulates data
  - Identify security issues in source and object code
  - Identify inefficient coding based on industry best practices
  - Identify CICS tuning and security issues
  - Identify DB2 tuning and security issues
  - Document calls to submodules and stored procedures
  - Identify any hardcoded data or hex values within code
- Web Link
- FBO.gov Permalink (https://www.fbo.gov/spg/SSA/DCFIAM/OAG/SSA-RFI-10-CodeScanningTool/listing.html)
- Place of Performance
- Address: Social Security Administration (SSA); Office of Budget, Finance, and Management; Office of Acquisition and Grants (OAG); 7111 Security Blvd, 1st Floor, Rear Entrance, Baltimore, Maryland, 21244, United States
- Zip Code: 21244
- Record
- SN02055571-W 20100204/100202235241-e8c2337a8fdb0682fcfd15b79f39e6c9 (fbodaily.com)
- Source
- FedBizOpps Link to This Notice (may not be valid after Archive Date)