accumulo-dev mailing list archives

From Mike Miller <mmil...@apache.org>
Subject Re: Free AppSec Tools for Open Source (like Accumulo)
Date Tue, 23 Oct 2018 23:09:41 GMT
Hi Dave,

I ran the Snyk CLI tool on our two main branches a few weeks ago.  See
attached for the results.

On Tue, Oct 23, 2018 at 5:15 PM Dave Wichers <dave.wichers@owasp.org> wrote:

> I sent you some suggestions before, which inspired me to create this OWASP
> page:
>
> https://www.owasp.org/index.php/Free_for_Open_Source_Application_Security_Tools
>
> Let me know what you think. Useful? Any suggested changes/additions?
>
> I know you are using Spot Bugs with the FindSecBugs plugin. Maybe you can
> start using one of the Open Source Component Vulnerability Checking tools?
> I know you didn't want to use Snyk because it wanted write access to your
> github repo to create pull requests. However, you can instead use their
> Command Line Interface, which doesn't require write access AND the results
> are kept private to you, which is ALSO important :-)  I'd love for your
> team to give that a whirl and see if it works.
>
> Let me know if you try to use any of these other tools and how well they
> do/do not work for you. Happy to help if your team needs any.
>
> I've never shown this to anyone else by the way. Your team is the first :-)
>
> Thanks, Dave
>
