snyk / nexus-snyk-security-plugin
Allow Nexus users to test their applications against the Snyk vulnerability database
☆18 Updated 3 weeks ago
Related projects
Alternatives and complementary repositories for nexus-snyk-security-plugin
- Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk. ☆78 Updated 2 months ago
- Evaluation Framework for Dependency Analysis (EFDA) ☆42 Updated 2 years ago
- An opinionated scaffolding framework that jumpstarts Java projects with an API-first design, secure defaults, and minimal dependencies ☆62 Updated this week
- CycloneDX SBOM Model and Utils for Creating and Validating BOMs ☆81 Updated this week
- A simple Java command-line utility to mirror the entire contents of VulnDB. ☆44 Updated this week
- Codyze is a static analyzer for Java, C, C++ based on code property graphs ☆87 Updated 2 weeks ago
- Analysis for access-control vulnerabilities in Java Spring Security applications. ☆14 Updated 2 years ago
- Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages ☆121 Updated 2 years ago
- Prepackaged and precompiled github codeql container for rapid analysis, deployment and development. ☆109 Updated 11 months ago
- Black Duck Docker Orchestration Files/Documentation ☆120 Updated last week
- Analyse package dependency networks at the call graph level ☆92 Updated 11 months ago
- Java taint propagation for java. Define tainted sources, sanitizer methods and sinks via aspects. ☆27 Updated 6 years ago
- Libinjection in Java ☆37 Updated 8 years ago
- GitHub Satellite 2020 workshops on finding security vulnerabilities with CodeQL for Java/JavaScript. ☆207 Updated last month
- A static analysis tool for Java programs, based on the theory of code property graphs. ☆16 Updated last year
- The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment wher… ☆83 Updated 2 years ago
- Home page of project "KB" ☆113 Updated last week
- A Java runtime information-gathering tool which uses the Java Attach API for information acquisition ☆204 Updated 3 years ago
- Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects ☆298 Updated last week
- IAST gray-box scanning tool ☆444 Updated 2 years ago
- A technique for developing Fortify structural rules and characterization rules. ☆14 Updated 4 years ago
- Corax for Java: A general static analysis framework for java code checking. ☆233 Updated last month
- CVE Data Analysis, CVE Monitor, CVE EXP Prediction Based on Deep Learning. Analysis of existing CVE data from 1999-2020, monitoring of incremental CVE updates, and deep-learning-based CVE EXP prediction with automated push notifications ☆176 Updated last year
- The xAST evaluation benchmark makes security tools no longer a "black box". ☆335 Updated this week
- A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIS… ☆47 Updated this week
- A simple Java command-line utility to mirror the CVE JSON data from NIST. ☆206 Updated 2 years ago
- Doop - Framework for Java Pointer and Taint Analysis ☆17 Updated 5 years ago
- CogniCrypt_SAST: CrySL-to-Static Analysis Compiler ☆67 Updated this week
- Scanning and analysis for Black Duck SCA products. ☆159 Updated this week
- Collection of community-driven CodeQL query, library and extension packs ☆68 Updated this week