GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → secureCodeBox → Securecodebox

secureCodeBox / Securecodebox

Licence: apache-2.0
secureCodeBox (SCB) - continuous secure delivery out of the box

Programming Languages

javascript
184084 projects - #8 most used programming language

Labels

hacktoberfestsecuritykubernetessecurity-toolskubernetes-operatorowaspsecurity-automationdevsecopssecurity-testing

Projects that are alternatives of or similar to Securecodebox

Django Defectdojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+590.32%)
Mutual labels:  hacktoberfest, owasp, security-automation, devsecops
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+157.35%)
Mutual labels:  owasp, security-automation, devsecops
Shodansploit
🔎 shodansploit > v1.3.0
Stars: ✭ 342 (+22.58%)
Mutual labels:  security-tools, security-automation, security-testing
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-32.97%)
Mutual labels:  owasp, security-automation, devsecops
Taipan
Web application vulnerability scanner
Stars: ✭ 359 (+28.67%)
Mutual labels:  security-tools, security-automation, security-testing
Purify
All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-74.19%)
Mutual labels:  security-tools, security-automation, devsecops
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (-22.58%)
Mutual labels:  security-tools, owasp, security-automation
Huskyci
Performing security tests inside your CI
Stars: ✭ 398 (+42.65%)
Mutual labels:  hacktoberfest, security-tools, security-automation
Trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+3367.03%)
Mutual labels:  hacktoberfest, security-tools, devsecops
aws-firewall-factory
Deploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (-74.19%)
Mutual labels:  owasp, devsecops
secure-pipeline-advisor
Improve your code security by running different security checks/validation in a simple way.
Stars: ✭ 25 (-91.04%)
Mutual labels:  security-automation, devsecops
advanced-security-compliance
GitHub Advance Security Compliance Action
Stars: ✭ 106 (-62.01%)
Mutual labels:  security-automation, devsecops
assimilation-official
This is the official main repository for the Assimilation project
Stars: ✭ 47 (-83.15%)
Mutual labels:  owasp, security-automation
MixewayHub
Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
Stars: ✭ 80 (-71.33%)
Mutual labels:  security-automation, devsecops
reconmap
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-13.26%)
Mutual labels:  security-automation, devsecops
Juice Shop Ctf
Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop
Stars: ✭ 238 (-14.7%)
Mutual labels:  hacktoberfest, owasp
dependency-track-maven-plugin
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Stars: ✭ 28 (-89.96%)
Mutual labels:  owasp, devsecops
Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-87.1%)
Mutual labels:  security-automation, security-testing
Percona Xtradb Cluster Operator
A Kubernetes Operator for Percona XtraDB Cluster
Stars: ✭ 230 (-17.56%)
Mutual labels:  hacktoberfest, kubernetes-operator
secureCodeBox-v2
This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Stars: ✭ 23 (-91.76%)
Mutual labels:  kubernetes-operator, devsecops
View All Similar Projects ➔

OWASP secureCodeBox

secureCodeBox Logo secureCodeBox Logo

License Apache-2.0 GitHub release (latest SemVer) OWASP Incubator Project Twitter Follower

Build Maintainability Test Coverage Known Vulnerabilities

secureCodeBox is a kubernetes based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box.

Overview

For additional documentation aspects please have a look at our documentation website:

Purpose of this Project

The typical way to ensure application security is to hire a security specialist (aka penetration tester) at some point in your project to check the application for security bugs and vulnerabilities. Usually, this check is done at a later stage of the project and has two major drawbacks:

  1. Nowadays, a lot of projects do continuous delivery, which means the developers deploy new versions multiple times each day. The penetration tester is only able to check a single snapshot, but some further commits could introduce new security issues. To ensure ongoing application security, the penetration tester should also continuously test the application. Unfortunately, such an approach is rarely financially feasible.
  2. Due to a typically time boxed analysis, the penetration tester has to focus on trivial security issues (low-hanging fruit) and therefore will probably not address the serious, non-obvious ones.

With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.

secureCodeBox Architecture

The purpose of secureCodeBox is not to replace the penetration testers or make them obsolete. We strongly recommend to run extensive tests by experienced penetration testers on all your applications.

Important note: The secureCodeBox is no simple one-button-click-solution! You must have a deep understanding of security and how to configure the scanners. Furthermore, an understanding of the scan results and how to interpret them is also necessary.

There is a German article about Security DevOps – Angreifern (immer) einen Schritt voraus in the software engineering journal OBJEKTSpektrum.

Quickstart

You can find resources to help you get started on our documentation website including instruction on how to install the secureCodeBox and guides to help you run your first scans with it.

Architecture Overview

secureCodeBox Architecture

License

Code of secureCodeBox is licensed under the Apache License 2.0.

Community

You are welcome, please join us on... 👋

secureCodeBox is an official OWASP project.

Contributing

Contributions are welcome and extremely helpful 🙌 Please have a look at Contributing

Author Information

Sponsored by iteratec GmbH - secureCodeBox.io

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].