Dep-Scan – Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Container Images. Integrates With Various CI Environments Such As Azure Pipelines, CircleCI, Google CloudBuild

dep-scan is a fully open-source security audit tool for project dependencies based on known vulnerabilities, advisories and license limitations. Both local repositories and container images are supported as input. The tool is ideal for CI environments with built-in build breaker logic. If you have just come across this repo, probably the best place to start

Purify – All-in-one Tool For Managing Vulnerability Reports From AppSec Pipelines

All-in-one tool for managing vulnerability reports. Why: The goal of Purify is to be an easy-to-use and efficient tool that simplifies the workflow of managing vulnerabilities delivered from various tools. Purify is designed to analyze the report of any tool, if the report is in JSON or XML format. This means you don’t need any special plug-ins to
