eclipse / steady
Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
☆538Updated last year
Alternatives and similar repositories for steady:
Users that are interested in steady are comparing it to the libraries listed below
- OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web…☆690Updated this week
- Home page of project "KB"☆117Updated 2 months ago
- Evaluation Framework for Dependency Analysis (EFDA)☆43Updated 2 years ago
- coverage guided fuzz testing for java☆230Updated 3 years ago
- Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects☆309Updated this week
- ThreadFix is a software vulnerability management platform. This GitHub site is far out of date. Please go to www.threadfix.it for up-to-d…☆339Updated 2 years ago
- An opinionated scaffolding framework that jumpstarts Java projects with an API-first design, secure defaults, and minimal dependencies☆62Updated this week
- A simple Java command-line utility to mirror the CVE JSON data from NIST.☆207Updated 2 years ago
- SpotBugs plugin for SonarQube☆359Updated this week
- Integrates Dependency-Check reports into SonarQube☆630Updated this week
- A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects…☆61Updated last month
- A tiny Java agent that blocks attacks against unsafe deserialization☆83Updated 7 years ago
- Java Agent which mitigates deserialisation attacks by making certain classes unserializable☆189Updated 8 years ago
- CycloneDX SBOM Model and Utils for Creating and Validating BOMs☆86Updated this week
- Coverity Security Library (CSL) is a lightweight set of escaping routines for fixing cross-site scripting (XSS), SQL injection, and other…☆202Updated 8 years ago
- SAMM stands for Software Assurance Maturity Model.☆398Updated 2 years ago
- The new home of the FindBugs project☆762Updated this week
- An open source, online threat modelling tool from OWASP☆483Updated 7 months ago
- Look-Ahead Java Deserialization Library☆411Updated 5 years ago
- Code Pulse is a real-time code coverage tool for penetration testing activities☆119Updated 2 years ago
- ☆329Updated 2 years ago
- ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for progr…☆624Updated 2 months ago
- Codyze is a static analyzer for Java, C, C++ based on code property graphs☆88Updated 3 weeks ago
- ☆15Updated 4 years ago
- Code Property Graph: specification, query language, and utilities☆486Updated 2 weeks ago
- Software Component Verification Standard (SCVS)☆140Updated 10 months ago
- Phosphor: Dynamic Taint Tracking for the JVM☆171Updated last month
- The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This …☆508Updated 6 months ago
- Plugin for doing static analysis in Intellij using PMD☆71Updated 2 months ago
- JQF + Zest: Coverage-guided semantic fuzzing for Java.☆687Updated 3 weeks ago