The Tool Output Integration Framework (TOIF) is a powerful open source vulnerability detection platform. It allows users to analyze systems, for the purpose of performing defect sightings on a project.

TOIF provides:

• Reference implementation for standard-based adaptors
• Further CWE normalization of vulnerability reports based on the Software Fault Patterns; adoption of SFPs
• Adoption of standard-based reporting of vulnerabilities
• Utilization of open source development to advance the SwA space
• A common protocol for exchanging vulnerability findings

TOIF includes the following components: TOIF Adaptor: TOIF Adaptor is used to collect the output from various vulnerability detection tools and convert their output into TOIF xml TOIF Assimilator: After running the TOIF Adaptor you need to run the Assimilator to merge TOIF findings and/or KDM data into a common fact-orientated repository or file TOIF Report View: Once you have your TOIF findings assimilated, you use the TOIF Report View to display the results in Eclipse or the KDM Workbench.

TOIF is based on existing standard protocol for exchanging system facts; the OMG Knowledge Discovery Metamodel (KDM), now ISO/IEC 19506.

Download Specification of the TOIF XML schema

TOIF Open Source (Beta) Downloads