SafeCodeBox is a Kubernetes-based toolkit for continuously scanning your software for security vulnerabilities. Its goal is to make penetration testing easy to automate in Kubernetes.
Purpose of the project
The typical way to ensure that your application is secure is to hire a security specialist (also known as a pentester) to check the application for bugs and vulnerabilities. Usually, this test is performed at a later stage of the project, and it has two major drawbacks:
- Today, many projects are carried out in continuous progress, which means that developers deploy new versions many times every day. A pentester can only check one version at a time, but a few further additions could introduce new security problems. To ensure the continuous security of an application, the pentester would also have to check the application continuously. Unfortunately, such an approach is rarely economically feasible.
- Because the time available for the analysis is typically short, the pentester has to focus on minor security issues and therefore will probably not address the serious ones.
With safeCodeBox, we have a toolchain for continuous application scanning that finds both low-risk and major security issues in a short period of time, without you having to sit at your computer all the time checking your project.
safeCodeBox can by no means replace a pentester. What it does is give you a first look at the security of your project.

Important note: safeCodeBox is not a simple solution where everything is done automatically with one click!
You need to have a deep understanding and knowledge of security issues and how to configure the scanners it contains. In addition, it is necessary to understand the results of a scan and how to interpret them.
Quick start
You can find many articles to help you research your site, including instructions on how to install safeCodeBox and guides to help you perform your first scans.
Architecture overview

License
The safeCodeBox code is licensed under the Apache License 2.0.
You will find information about the installation and use of the program here.
