387 Open source projects that are alternatives of or similar to Dependency Check Sonar Plugin

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Integrates OWASP Zed Attack Proxy reports into SonarQube

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A vulnerable version of Rails that follows the OWASP Top 10

OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

Next generation web scanner

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Application Security Awareness Training

Additional Resources For Securing The Stack Tutorials

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

The OWASP ZAP Heads Up Display (HUD)

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Awesome Node.js Security resources

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

OWASP ZAP Add-ons

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

The OWASP ZAP core project

A collection of electronic hacker magazines carefully curated over the years from multiple sources

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

OWASP Zed Attack Proxy project landing page.

Some good resources for getting started with application security

Documentation for Essential Node.js Security

OWASP Code Review Guide Web Repository

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

This repo demonstrates how to work on CI/CD for Mobile Apps 📱 using Github Actions 💊 + Firebase Distribution 🎉

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

QCTF School 2018. Developed with ♥ by Hackerdom team

Security review guidelines for mobile projects

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

No description or website provided.

Hunt for security weaknesses in Kubernetes clusters

Sonar plugin for jDepend

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

List of every possible vulnerabilities in computer security.

Sonar plugin to analyze ESQL-sourcecode of IBM Integration Bus projects

PHDays Online CTF 2017. Developed with ♥ by Hackerdom team

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop supporting CTFd, FBCTF and RootTheBox

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

GitHub Action to set up Fortify ScanCentral Client

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Snyk CLI scans and monitors your projects for security vulnerabilities.

A Docker Image For the Open Vulnerability Assessment Scanner (OpenVAS)

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

🎩 [penetration testing Book], Kali Magic, Cryptography, Hash Crack, Botnet, Rootkit, Malware, Spyware, Python, Go, C|EH.

Docker repository for OWTF (64-bit Kali)

A Tool for Domain Flyovers

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

快速搭建各种漏洞环境(Various vulnerability environment)

A collection of higher-level aws cdk constructs: slack-approval-workflow, #slack & msteams notifications, chatops, blue-green-container-deployment, codecommit-backup, OWASP dependency-check, contentful-webhook, github-webhook, stripe-webhook, static-website, pull-request-check, pull-request-approval-rule, codepipeline-merge-action, codepipeline-check-parameter-action...

Detects the algorithm of input JWT Token and provide options to generate the new JWT token based on the user selected algorithm.

F# SonarQube (TM) plugin - support for F#

Owasp Zap chart for Kubernetes

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

AutoVAS is an automated vulnerability analysis system with a deep learning approach.

Export and import resolved issues