Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
☆542 · Dec 4, 2023 · Updated 2 years ago
Alternatives and similar repositories for steady
Users that are interested in steady are comparing it to the libraries listed below.
- Home page of project "KB" ☆134 · Mar 27, 2025 · Updated last year
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala proje… ☆2,419 · Mar 26, 2026 · Updated 2 weeks ago
- Publications done by Double Open. ☆16 · Jun 5, 2020 · Updated 5 years ago
- IAST gray-box scanning tool ☆447 · Jul 19, 2022 · Updated 3 years ago
- A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o… ☆81 · Apr 3, 2026 · Updated last week
- JAVA Vul Code: common Java vulnerabilities and defensive code examples ☆10 · Sep 18, 2018 · Updated 7 years ago
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆3,730 · Updated this week
- Securibench Micro is a benchmark for static analysis tools for security. ☆26 · Jul 26, 2018 · Updated 7 years ago
- Vulncode-DB project ☆577 · Jan 3, 2022 · Updated 4 years ago
- SootDiff - Bytecode Comparison Across Different Java Compilers ☆18 · May 24, 2024 · Updated last year
- Evaluation Framework for Dependency Analysis (EFDA) ☆44 · May 4, 2022 · Updated 3 years ago
- SW360 Antenna project ☆22 · Mar 17, 2021 · Updated 5 years ago
- OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependen… ☆7,489 · Updated this week
- Java-Web-Security - Developing secure web applications with Java ☆223 · Mar 31, 2026 · Updated last week
- Inspect Python code and PyPI package manifests. Resolve Python dependencies. ☆24 · Mar 11, 2026 · Updated 3 weeks ago
- Proxy-based passive scanning system built on headless burpsuite ☆95 · Feb 10, 2020 · Updated 6 years ago
- A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects… ☆65 · Apr 5, 2025 · Updated last year
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans ☆583 · Sep 7, 2021 · Updated 4 years ago
- CVE database store ☆131 · Oct 19, 2020 · Updated 5 years ago
- Coverage-guided, in-process fuzzing for the JVM ☆1,217 · Apr 4, 2026 · Updated last week
- The Artifacts for ICSE 2023 paper: Bad Snakes: Understanding and Improving Python Package Index Malware Scanning ☆13 · Feb 8, 2026 · Updated 2 months ago
- Docker security baseline specification ☆91 · Jun 27, 2018 · Updated 7 years ago
- Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (… ☆315 · Apr 1, 2019 · Updated 7 years ago
- Collection of tools for analyzing open source packages. ☆357 · Mar 9, 2026 · Updated last month
- A static byte code analyzer for Java deserialization gadget research ☆251 · Apr 17, 2017 · Updated 8 years ago
- Native Java serialization filter blacklist for common gadgets ☆20 · Sep 12, 2019 · Updated 6 years ago
- 🔥 Open source RASP solution ☆2,958 · Oct 2, 2025 · Updated 6 months ago
- Binary rewriting approach with fork server support to fuzz Java applications with afl-fuzz. ☆91 · May 3, 2018 · Updated 7 years ago
- java source code static code analysis and danger function identify prog ☆536 · Feb 18, 2019 · Updated 7 years ago
- A suite of tools to automate software compliance checks. ☆1,978 · Updated this week
- Authorization-bypass (privilege escalation) detection tool ☆746 · Jun 17, 2022 · Updated 3 years ago
- Hunter plays an important role as one part of ZTO's DevSecOps closed-loop solution; we hope that open-sourcing it will help more companies. ☆345 · Dec 14, 2022 · Updated 3 years ago
- VUDDY & hmark for IoTcube ☆22 · Apr 28, 2023 · Updated 2 years ago
- SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. ☆3,851 · Apr 4, 2026 · Updated last week
- Hosts our tool for mining simple "stupid" bugs (SStuBs). ☆38 · May 20, 2022 · Updated 3 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. ☆612 · Mar 4, 2021 · Updated 5 years ago
- JoanAudit - A security slicing tool that helps security auditors to perform their security auditing tasks more efficiently ☆10 · Sep 6, 2017 · Updated 8 years ago
- RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler ☆20 · Dec 24, 2013 · Updated 12 years ago
- Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to s… ☆18 · Jan 30, 2025 · Updated last year