Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Vulnerable app with examples showing how to not use secrets

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

SonarQube plugin for identifying hardcoded secrets, such as passwords, API keys, AWS credentials, etc..

Udemy Course on DevSecOps

DevSecOps Project using git, GitHub, jenkins, Maven,Junit, SonarQube, Docker, Trivy, Hashicorp Vault, AWS, Kubernetes

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.

Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no any external dependencies except for chart plotting are used

Export Fortify vulnerability data to GitHub, GitLab, SonarQube and more

Fortify Jenkins plugin

Dongtai-plugin-idea is an IDEA plug-in developed by DongTai team for Java Web application developers. This plug-in provides functions such as vulnerability detection and code audit during application development, enabling developers to find application vulnerabilities more intuitively, quickly and in real time during application development.

Sonarqube cloudformation plugin, IaC security supports cfn-nag/checkov

A Java agent that disables platform features you don't use, before an attacker uses them against you.

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayBackend project contains source code of backend with all plugin integrations writer in Spring Boot.

Jenkins Plugin from Contrast Security

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

Майнд-карта для совместного структурирования проблем с безопасностью веб-приложений и подборки решений для них.