secureCodeBox: A collection of security control tools
SafeCodeBox is a kubernetes-based toolkit for continuous scanning for your software security vulnerabilities. Its goal is to easily automate penetration testing in kubernetes.
Purpose of the project
The typical way to ensure that your application is secure is to hire a security specialist (also known as a pentester) to check the application for bugs and vulnerabilities. Usually, this test is performed at a later stage of the project but has two major drawbacks:
- Today, many projects are constantly evolving, which means that developers develop new versions several times a day. A pentester is only able to control one version at a time, but a few further additions could bring new security issues. To ensure the continued security of an application, the pentester should also constantly monitor the application. Unfortunately, such an approach is rarely economically feasible.
- Due to a typically short time analysis, the pentester has to focus on minor safety issues and therefore will probably not take it seriously.
With the safeCodeBox We have a chain of tools for continuous application scanning to find both low-risk security issues and major security issues in a short period of time without being on your computer all the time and checking your project.
By no means safeCodeBox can not replace a pentester. What it does is give you a first look at the security of your project.
important note : The safeCodeBox is not the simple solution that everything is done automatically and with one click!
You need to have a deep understanding and knowledge of security issues and how to configure the scanners it contains. In addition, it is necessary to understand the results of a scan and how to interpret them.
The safeCodeBox code is licensed under it Apache License 2.0.
Information about the installation and use of the program, you will find here..