Posts about
Tools
Integrate Whispers secrets detection into CI/CD
What is whispers? Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and...
Integrate OWASP ZAP into CI/CD
What is OWASP ZAP? OWASP ZAP (Zed Attack Proxy) is a flagship security proxy and web application scanner from OWASP, and is the worlds most widely...
Integrate SonarQube Server into CI/CD
What is SonarQube Server? SonarQube is a very popular static analysis tool that scans code for quality and security issues. SonarQube has community...
Integrate Sonatype OSS Index in CI/CD
What is SOI? SOI stands for 'Sonatype OSS Index' and is a tool developed by Uleska to perform software composition analysis against a code repo to...
Integrate OWASP Dependency Track into CI/CD
What is OWASP Dependency Track? Dependency Track is an open-source software composition analysis tool from an OWASP project. It is good for...
Clair
What is Clair? Clair is a popular open source security tool for parsing container image contents and reporting vulnerabilities affecting the...
Integrate SonarQube Scanner into CI/CD
What is SonarQube Scanner? SonarQube is a very popular static analysis tool that scans code for quality and security issues. SonarQube has...