Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

pypyr task-runner cli & api for automation pipelines. Automate anything by combining commands, different scripts in different languages & applications into one pipeline process.

Stars: ✭ 173 (-58.01%)

Mutual labels: tool, ci-cd

Astra

Automated Security Testing For REST API's

Stars: ✭ 1,898 (+360.68%)

Mutual labels: owasp, ci-cd

DevSecOps

Ultimate DevSecOps library

Stars: ✭ 4,450 (+980.1%)

Mutual labels: ci-cd, devsecops

dependency-track-maven-plugin

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Stars: ✭ 28 (-93.2%)

Mutual labels: owasp, devsecops

Mobile Security Framework Mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Stars: ✭ 10,212 (+2378.64%)

Mutual labels: owasp, devsecops

Apicheck

The DevSecOps toolset for REST APIs

Stars: ✭ 184 (-55.34%)

Mutual labels: owasp, devsecops

Sbt Dependency Check

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Stars: ✭ 187 (-54.61%)

Mutual labels: owasp, devsecops

aws-firewall-factory

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Stars: ✭ 72 (-82.52%)

Mutual labels: owasp, devsecops

Securecodebox

secureCodeBox (SCB) - continuous secure delivery out of the box

Stars: ✭ 279 (-32.28%)

Mutual labels: owasp, devsecops

Linux Kernel Exploits

linux-kernel-exploits Linux平台提权漏洞集合

Stars: ✭ 4,203 (+920.15%)

Mutual labels: tool

Graph Visualizer

Visualizer for your Playable graphs

Stars: ✭ 367 (-10.92%)

Mutual labels: tool

Sorted Colors

A tool to sort the named CSS colors in a way that it shows related colors together

Stars: ✭ 167 (-59.47%)

Mutual labels: tool

Polymorph

Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols

Stars: ✭ 364 (-11.65%)

Mutual labels: tool

Www Community

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Stars: ✭ 409 (-0.73%)

Mutual labels: owasp

Goben

goben is a golang tool to measure TCP/UDP transport layer throughput between hosts.

Stars: ✭ 391 (-5.1%)

Mutual labels: tool

Presentmon

Tool for collection and processing of ETW events related to frame presentation on Windows.

Stars: ✭ 360 (-12.62%)

Mutual labels: tool

Threatmapper

Identify vulnerabilities in running containers, images, hosts and repositories

Stars: ✭ 361 (-12.38%)

Mutual labels: devsecops

Kitti2bag

Convert KITTI dataset to ROS bag file the easy way!

Stars: ✭ 359 (-12.86%)

Mutual labels: tool

View All Similar Projects ➔

OWASP Glue

Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools.

Recommended Usage

For those wishing to run Glue, we recommend using the docker image because it should have the other tools it uses available already and configured. See the documentation for more info. Glue Docker Documentation

For those interested in how to use Glue in a DevOps context, see Glue DevOps Integration Options

Checkout the Playground to get a better understanding of Glue's features and how you can use them.

Local run

docker run owasp/glue

Installation for Development

git clone https://github.com/owasp/glue
cd glue                     -- RVM will set to 2.3.1 with Gemset Glue
gem install bundler
bundle install

Running in Development

cd lib
../bin/glue -h

Extending Glue

Glue is intended to be extended through added "tasks". To add a new tool, copy an existing task and tweak to make it work for the tool in question.

Usage

Glue <options> <target>

Options

Common options include:

-d for debug
-f for format (takes "json", "csv", "jira")

For a full list of options, use Glue --help or see the OPTIONS.md file.

Target

The target can be:

Filesystem (which is analyzed in place)
Git repo (which is cloned for analysis)
Other types of images (.iso, docker, etc. are experimental)

Dependencies

clamav
hashdeep
rm (*nix)
git
mount (*nix)
docker

Development

To run the code, run the following from the root directory:

>ruby bin/Glue <options> target

To build a gem, just run:

gem build Glue.gemspec

Integration

Git Hooks

First, grab the hook from the code.

meditation:hooks mk$ cp /area53/owasp/Glue/hooks/pre-commit .

Then make it executable.

meditation:hooks mk$ chmod +x pre-commit

Make sure the shell you are committing in can see docker.

meditation:hooks mk$ eval "$(docker-machine env default)"

Now go test and make a change and commit a file. The result should be that Glue runs against your code and will not allow commits unless the results are clean. (Which is not necessarily a reasonable expectation)

Configuration files

For advanced usage scenarios, you can save your configuration and use it at runtime.

Authors

Matt Konda Alex Lock Rafa Perez

License

Apache 2: http://www.apache.org/licenses/LICENSE-2.0

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 412

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (65) 🔗