2081 Open source projects that are alternatives of or similar to Sbt Dependency Check

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Awesome Node.js Security resources

Security scanner for your Terraform code

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

The DevSecOps toolset for REST APIs

This is the official main repository for the Assimilation project

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Making CoreOS' Clair easily work in CI/CD pipelines

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

kube-scan: Octarine k8s cluster risk assessment tool

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

A Blazing fast Security Auditing tool for Kubernetes

Additional Resources For Securing The Stack Tutorials

Some good resources for getting started with application security

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Hourly updated database of exploit and exploitation reports

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

secureCodeBox (SCB) - continuous secure delivery out of the box

Centralize Vulnerability Assessment and Management for DevSecOps Team

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

A static analysis security vulnerability scanner for Ruby on Rails applications

Flyway SBT plugin

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

Multi source CVE/exploit parser.

FindBugs static analysis plugin for sbt.

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

Open-Source Security Architecture | 开源安全架构

SEC分布式资产扫描系统

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Performing security tests inside your CI

Linting tool for CloudFormation templates

🔐 Docker Container for Penetration Testing & Security

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Secure, Unified, Powerful and Extensible Rust Android Analyzer

Integrates Dependency-Check reports into SonarQube

Helps you continuously monitor and fix common security vulnerabilities in your Django application.

Pentest Report Generator

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

🐞 Primitive Erlang Security Tool

A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification

sbt plugin to create a dependency graph for your project

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

This repository contains information about DevSecOps and how to get involved in this community effort.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

A collection of electronic hacker magazines carefully curated over the years from multiple sources