Exemplo de workflow de segurança que realiza testes SAST, SCA, DAST, Secrets Scan e IaC Scan via GitHub Actions utilizando ferramentas open source.

A simple static application security testing (SAST) tool for locating dangerous sinks in php applications.

blackduckcopilot

Scanner-One is a freely usable Static Application Security Testing (SAST) scanner for all source code languages. Currently functional for Cpp, Java, Javascript, PHP and Python.

Scanner for cryptographic gems & their reverse dependecies in Ruby applications

DevSecOps Framework - Python application

Experimentation and Hands-on to enable SecOPS for a microservices developed with SpringBoot.

Proof of concept of Veracode custom cleanser annotations in sample Java application

An implementation of infrastructure-as-code scanning using dynamic tooling.

Java Ecommerce Application with microservices Architecture

GitHub Action for detecting sensitive data issues.

SAST Scanner Modified - Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

An OSS Index integration to check your Conda environments for vulnerable Open Source packages

CodeThreat GitHub Action integrates with GitHub to perform code security tests on your code. It supports a variety of languages and frameworks, providing detailed security scans to identify potential issues.

Quick script to scan through a PHP project and flag up functions that are of interest when looking for security vulnerabilities. Aids manual code review.

A script to automate SAST analysis of your decompiled APKs with Checkmarx, and a Dockerfile if you ever need it.

This is SAST IDE plugin for Android developers. Covers common CWEs

Express IaC resources as d3fend graphs.

Совместное использование инструментов SAST, DAST и SCA для повышения эффективности обнаружения и устранения уязвимостей программных модулей ─=≡Σ((( つ＞＜)つ📊📊📊

DevSecOps Jenkins Setup