Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Vulnerable app with examples showing how to not use secrets

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

DevSecOps Project using git, GitHub, jenkins, Maven,Junit, SonarQube, Docker, Trivy, Hashicorp Vault, AWS, Kubernetes

SonarQube plugin for identifying hardcoded secrets, such as passwords, API keys, AWS credentials, etc..

Udemy Course on DevSecOps

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. Sugar-Free and Secure: no any external dependencies except for chart plotting are used

Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.

Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams

Dongtai-plugin-idea is an IDEA plug-in developed by DongTai team for Java Web application developers. This plug-in provides functions such as vulnerability detection and code audit during application development, enabling developers to find application vulnerabilities more intuitively, quickly and in real time during application development.

Export Fortify vulnerability data to GitHub, GitLab, SonarQube and more

Sonarqube cloudformation plugin, IaC security supports cfn-nag/checkov

Fortify Jenkins plugin

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayBackend project contains source code of backend with all plugin integrations writer in Spring Boot.

An insecure Java/Spring web application for use in DevSecOps scenarios.

A Java agent that disables platform features you don't use, before an attacker uses them against you.

Jenkins Plugin from Contrast Security