accumulo-dev mailing list archives

From Dave Wichers <dave.wich...@owasp.org>
Subject Free AppSec Tools for Open Source (like Accumulo)
Date Tue, 23 Oct 2018 21:14:46 GMT
I sent you some suggestions before, which inspired me to create this OWASP
page:
https://www.owasp.org/index.php/Free_for_Open_Source_Application_Security_Tools

Let me know what you think. Useful? Any suggested changes/additions?

I know you are using SpotBugs with the FindSecBugs plugin. Maybe you can
start using one of the Open Source Component Vulnerability Checking tools?
I know you didn't want to use Snyk because it wanted write access to your
GitHub repo to create pull requests. However, you can instead use their
Command Line Interface, which doesn't require write access AND the results
are kept private to you, which is ALSO important :-)  I'd love for your
team to give that a whirl and see if it works.

Let me know if you try to use any of these other tools and how well they
do/do not work for you. Happy to help if your team needs any.

I've never shown this to anyone else by the way. Your team is the first :-)

Thanks, Dave
