Spotbugs
falco
Our great sponsors
Spotbugs | falco | |
---|---|---|
17 | 42 | |
3,311 | 6,818 | |
1.5% | 2.7% | |
9.6 | 9.8 | |
8 days ago | 7 days ago | |
Java | C++ | |
GNU Lesser General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spotbugs
- Primeiros passos no desenvolvimento Java em 2023: um guia particular
-
Ask HN: What is a modern Java environment?
PMD, Spotbugs, Nullaway: Java linting/static analysis (https://pmd.github.io, https://spotbugs.github.io, https://github.com/uber/NullAway)
- What are some useful static analyzers for Java?
- Go CheckLocks Analyzer
-
Is there a tool to track CVEs for the software that we use?
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
SpotBugs supports SARIF that supports integration with other SAST tools
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
-
Looking for a Static Code Analysis tool for Scala Code
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
-
An Incomplete List of Practical Security for Mortals
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
-
Conducting SAST for Java Applications
Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.
-
Web Application Security Checklist (2021)
SpotBugs
falco
-
Cisco Acquires Splunk
https://github.com/falcosecurity/falco
Like snort, but looks at system calls.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Falco is a well-known open source security solution originally created by Sysdig. It’s a CNCF incubating project and one of the few (as far as I can tell) options on this list that uses eBPF to scan for vulnerabilities.
-
K8s secret management
Use some kind of SIEM or Falco to alert you to threats (you can't stop them, but a human can always intervene)
-
How to Deploy and Scale Strapi on a Kubernetes Cluster 2/2
Falco, is a security project that can help you detect threats from within your cluster.
-
Go based eBPF projects
https://falco.org/ is a security-focused monitoring and alerting with an eBPF option
- eBPF – Running sandboxed programs in a privileged context such as OS kernel
-
Implement DevSecOps to Secure your CI/CD pipeline
Falco is a cloud native Kubernetes threat detection tool. It can detect unexpected behavior, intrusions, and data theft in real time. In the backend, it uses Linux eBPF technology to trace your system and applications at runtime. For example, it can detect if someone tries to read a secret file inside a container, access a pod as a root user, etc, and trigger a webhook or send logs to the monitoring system. There are similar tools like Tetragon, KubeArmor, and Tracee which also provide Kubernetes runtime security.
-
Blackhat 2022 recap – Trends and highlights
Log everything but know the limits: the golden rule of security is to log everything, but in some cases we exceed the limits. Attackers use this to hide their actions and go unnoticed. At this point, we want to highlight another option. Try to detect at runtime or at the time when these logs occur to avoid the large amount of logs (only one window is sufficient if the initial compromise attack is detected). That is what Falco open source tries to do.
- Live Packet Capture to Grafana
-
Manage Falco easier with Giant Swarm App Platform
Falco is the de facto Kubernetes threat detection engine, and also extends its reach to cloud and Linux hosts. It monitors the behavior of every process in the node and can alert us when something fishy happens.
What are some alternatives?
SonarQube - Continuous Inspection
FindBugs - The new home of the FindBugs project
PMD - An extensible multilanguage static code analyzer.
Error Prone - Catch common Java mistakes as compile-time errors
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Kyverno - Kubernetes Native Policy Management
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
infer - A static analyzer for Java, C, C++, and Objective-C
OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes