IDEA静态代码安全审计及漏洞一键修复插件

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

SecHub provides a central API to test software with different security tools.

Udemy Course on DevSecOps

Delveline is a Code Vulnerability Analyzer for Java and Kotlin that supports best practices in security and risk management.

Application security best practices and code implementations for Java developers. This project is intended for didactic purposes only, supporting my training course.

Vulnerability consolidation and management tool, enhances scan results by merging different findings of the same weakness across multiple static/dynamic scans

A monorepo filtering workaround for GitHub Advanced Security Code Scanning using renaming of the scanning tool in an Actions workflow

Oversecured Extension for Gradle

DASCA combines dynamic and static techniques for analysing code for finding security (i.e., vulnerabilities), safety, or reliability problems.

CodeThreat with Jenkins, allowing you to identify and rectify security issues effectively. The repository also provides a sample Jenkins Pipeline script for your guidance. To use this tool, you need a CodeThreat account.

Java Ecommerce Application with microservices Architecture

codecov

cxflow example for JavaVulnerableLab

Oversecured Plugin for Jenkins

Proof of concept of Veracode custom cleanser annotations in sample Java application

gradle pipeline

The Sec1 Security plugin provides both SCA and SAST capabilities, enabling teams to scan SCM repositories for open-source vulnerabilities and analyze code to detect security issues early in development.

Same vulnerable app as swsec-intro, but in a more modern framework.