secureCodeBox is a Kubernetes-based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box.
For additional documentation aspects please have a look at our documentation website:
Purpose of this Project
The typical way to ensure application security is to hire a security specialist (aka penetration tester) at some point in your project to check the application for security bugs and vulnerabilities. Usually, this check is done at a later stage of the project and has two major drawbacks:
- Nowadays, a lot of projects do continuous delivery, which means the developers deploy new versions multiple times a day. The penetration tester is only able to check a single snapshot, but some further commits might introduce new security issues. To ensure ongoing application security, the penetration tester would also have to continuously test the application. Unfortunately, such an approach is rarely financially feasible.
- Because of a usually time-boxed assessment, the penetration tester has to focus on trivial security issues (low-hanging fruit) and will therefore probably not address the serious, non-obvious ones.
With the secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues.
The purpose of secureCodeBox isn't to replace the penetration testers or make them obsolete. We strongly recommend running extensive tests by experienced penetration testers on all your applications.
Important note: The secureCodeBox is no simple one-button-click solution! You must have a deep understanding of security and of how to configure the scanners. Furthermore, an understanding of the scan results and how to interpret them is also necessary.
There's a German article about Security DevOps – Angreifern (immer) einen Schritt voraus in the software engineering journal OBJEKTSpektrum.
Quickstart
You can find resources to help you get started on our documentation website, including instructions on how to install the secureCodeBox and guides to help you run your first scans with it.
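As an added illustration of what "running your first scan" looks like (this manifest is not part of this README), here is a minimal Scan custom resource of the kind the documentation website walks you through. It assumes the operator is already installed, that the `execution.securecodebox.io/v1` API group and the `nmap` scan type from the project's getting-started material are available in your cluster, and the hostname is a placeholder for a host you own and are allowed to scan.

```yaml
# Added example, not code from the secureCodeBox README.
# Assumes: operator installed, "nmap" ScanType present in the cluster.
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "nmap-my-app"            # any name you choose
spec:
  scanType: "nmap"               # must match an installed ScanType
  parameters:
    - "-p"
    - "80,443"                   # limit the scan to the ports your service exposes
    - "my-app.example.internal"  # placeholder: replace with your own host
```

Apply it with `kubectl apply -f scan.yaml` and follow progress with `kubectl get scans`; the operator schedules the scanner as a Kubernetes job and the findings are parsed into the secureCodeBox findings format once the job completes, which is where the "understanding of the scan results" mentioned above comes in.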
Structure Overview
Upgrading
For the steps required for upgrading your secureCodeBox installation, see Upgrading.
License
Code of secureCodeBox is licensed under the Apache License 2.0.
Community
You are welcome, please join us on…
secureCodeBox is an official OWASP project.
Author Information
Sponsored and maintained by iteratec GmbH – secureCodeBox.io