Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
☆542 Dec 4, 2023 Updated 2 years ago
Alternatives and similar repositories for steady
Users that are interested in steady are comparing it to the libraries listed below
- Home page of project "KB" ☆133 Mar 27, 2025 Updated 11 months ago
- Publications done by Double Open. ☆16 Jun 5, 2020 Updated 5 years ago
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala proje… ☆2,412 Jun 17, 2025 Updated 8 months ago
- IAST gray-box scanning tool ☆447 Jul 19, 2022 Updated 3 years ago
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆3,631 Updated this week
- Vulncode-DB project ☆577 Jan 3, 2022 Updated 4 years ago
- OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen… ☆7,445 Updated this week
- VUDDY & hmark for IoTcube ☆22 Apr 28, 2023 Updated 2 years ago
- Proxy-based passive scanning system built on headless Burp Suite ☆95 Feb 10, 2020 Updated 6 years ago
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans ☆584 Sep 7, 2021 Updated 4 years ago
- SootDiff - Bytecode Comparison Across Different Java Compilers ☆18 May 24, 2024 Updated last year
- Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (… ☆316 Apr 1, 2019 Updated 6 years ago
- Coverage-guided, in-process fuzzing for the JVM ☆1,199 Feb 28, 2026 Updated last week
- SW360 Antenna project ☆22 Mar 17, 2021 Updated 4 years ago
- 🔥Open source RASP solution ☆2,953 Oct 2, 2025 Updated 5 months ago
- Docker security baseline specification ☆91 Jun 27, 2018 Updated 7 years ago
- The Disclosure-CLI provides an easy way to access the public api of the FOSS Disclosure Portal. It is the recommended tool for external s… ☆18 Dec 29, 2025 Updated 2 months ago
- JAVA Vul Code: code examples of common Java vulnerabilities and defenses ☆10 Sep 18, 2018 Updated 7 years ago
- Securibench Micro is a benchmark for static analysis tools for security. ☆26 Jul 26, 2018 Updated 7 years ago
- Unauthorized-access (privilege escalation) detection tool ☆746 Jun 17, 2022 Updated 3 years ago
- java source code static code analysis and danger function identify prog ☆534 Feb 18, 2019 Updated 7 years ago
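- Insight: CreditEase's three-in-one platform combining application system asset management, full-lifecycle vulnerability management, and security knowledge base management. ☆1,181 Jan 12, 2021 Updated 5 years ago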
- Native Java serialization filter blacklist for common gadgets ☆20 Sep 12, 2019 Updated 6 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners. ☆35 Mar 2, 2020 Updated 6 years ago
- SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. ☆3,828 Feb 28, 2026 Updated last week
- The International FOSS Law Book, v.2 and onwards ☆15 Jan 17, 2022 Updated 4 years ago
- Some Java RASP demos ☆11 Sep 26, 2019 Updated 6 years ago
- A collection of scripts for license compliance scanning, mostly experimental ☆21 Jun 16, 2025 Updated 8 months ago
- Inspect Python code and PyPI package manifests. Resolve Python dependencies. ☆24 Nov 5, 2025 Updated 4 months ago
- Hunter plays an important role as one part of ZTO's closed-loop DevSecOps solution; now that it is open source, we hope it can help more enterprises. ☆346 Dec 14, 2022 Updated 3 years ago
- A static byte code analyzer for Java deserialization gadget research ☆252 Apr 17, 2017 Updated 8 years ago
- OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web… ☆775 Updated this week
- Java-Web-Security - Developing secure web applications with Java ☆221 Feb 19, 2026 Updated 2 weeks ago
- Penetration Testing Platform ☆1,350 Jul 6, 2022 Updated 3 years ago
- CVE database store ☆131 Oct 19, 2020 Updated 5 years ago
- Static code auditing system ☆467 Jan 8, 2021 Updated 5 years ago
- A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects… ☆65 Apr 5, 2025 Updated 11 months ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. ☆612 Mar 4, 2021 Updated 5 years ago
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition ☆204 Apr 26, 2021 Updated 4 years ago