Top 13 Java Owasp Projects
- dependency-track: Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
- find-sec-bugs: The SpotBugs plugin for security audits of Java web applications and Android applications (also works with Kotlin, Groovy and Scala projects).
- semgrep-rules-android-security: A collection of Semgrep rules derived from the OWASP MASTG, specifically for Android applications.
- Admin-Panel_Finder: A Burp Suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005).
Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21
I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.
I decided to have a go at writing my own Dependency-Track-esque tool aiming to integrate with the APIs GitHub provides.
It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.
Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)
The swagger file for that is available on their repository here: https://github.com/OWASP/crAPI/blob/develop/openapi-spec/openapi-spec.json
As others have already commented:
The US government has added SBOMs to a proposed rule to update the Federal Acquisition Regulation. So if you want to sell to the US Government you'll have to provide SBOMs: https://www.federalregister.gov/documents/2023/10/03/2023-21...
Lots of large companies require SBOMs from their suppliers.
In the EU we will get the Cyber Resilience Act which will make them mandatory as well in certain cases: https://data.consilium.europa.eu/doc/document/ST-12536-2023-...
And yes, there are basically two technical standards to provide them: SPDX and CycloneDX: https://cyclonedx.org/
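The two comments above describe one workflow: take the SPDX SBOM that GitHub generates, summarise the licence types, drill into the problematic packages, and get the inventory into a CycloneDX consumer such as Dependency-Track. The Python script below is an added example that does exactly that over a constructed SPDX document; it is not the commenter's tool and not code from any OWASP project. It assumes the shape of GitHub's dependency-graph SBOM export (the SPDX 2.3 document under an `sbom` key, packages carrying `licenseConcluded`/`licenseDeclared`, and a `purl` external reference); the licence categories are a review heuristic of this example, not a legal judgement.

```python
"""Licence summary and CycloneDX export for a GitHub-style SPDX SBOM.

Added example (not the HN commenter's tool, not OWASP code). Assumes GitHub's
dependency-graph export shape; SAMPLE_SPDX below is constructed, not real data.
"""
import json
from collections import Counter

# Worst-first ranking used to collapse an SPDX expression to one review category.
CATEGORY_RANK = {"permissive": 0, "weak-copyleft": 1, "strong-copyleft": 2, "unknown": 3}


def _pkg(name, version, concluded, declared, purl):
    """One SPDX package entry in the GitHub export shape (constructed data)."""
    return {"SPDXID": "SPDXRef-" + name.replace(":", "-").replace(".", "-"),
            "name": name, "versionInfo": version, "downloadLocation": "NOASSERTION",
            "filesAnalyzed": False, "licenseConcluded": concluded, "licenseDeclared": declared,
            "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                              "referenceType": "purl", "referenceLocator": purl}]}


# Constructed sample document (assumption: mirrors GitHub's SPDX 2.3 JSON export).
SAMPLE_SPDX = json.dumps({"sbom": {
    "SPDXID": "SPDXRef-DOCUMENT", "spdxVersion": "SPDX-2.3", "name": "com.github.example/demo-app",
    "packages": [
        _pkg("maven:com.fasterxml.jackson.core:jackson-databind", "2.15.2", "Apache-2.0", "Apache-2.0",
             "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"),
        _pkg("maven:org.eclipse.jetty:jetty-server", "11.0.15", "Apache-2.0 OR EPL-2.0",
             "Apache-2.0 OR EPL-2.0", "pkg:maven/org.eclipse.jetty/jetty-server@11.0.15"),
        _pkg("maven:org.hibernate.orm:hibernate-core", "6.2.7.Final", "LGPL-2.1-only", "LGPL-2.1-only",
             "pkg:maven/org.hibernate.orm/hibernate-core@6.2.7.Final"),
        _pkg("maven:com.example:internal-lib", "1.0.0", "NOASSERTION", "NOASSERTION",
             "pkg:maven/com.example/internal-lib@1.0.0"),
        _pkg("maven:org.openjdk.jmh:jmh-core", "1.37", "GPL-2.0-only WITH Classpath-exception-2.0",
             "NOASSERTION", "pkg:maven/org.openjdk.jmh/jmh-core@1.37"),
    ]}})


def classify_license_id(lic: str) -> str:
    """Map one SPDX licence id to a coarse category (prefix heuristic, review-oriented)."""
    u = lic.upper()
    if u in ("", "NONE", "NOASSERTION"):
        return "unknown"
    if u.startswith(("AGPL", "GPL")):
        return "strong-copyleft"
    if u.startswith(("LGPL", "MPL", "EPL", "CDDL", "EUPL")):
        return "weak-copyleft"
    if u.startswith(("MIT", "APACHE", "BSD", "ISC", "0BSD", "CC0", "UNLICENSE")):
        return "permissive"
    return "unknown"  # unrecognised ids get a human look rather than a free pass


def classify_expression(expr: str) -> str:
    """OR picks the most permissive alternative, AND the strictest. The id after WITH is an
    exception and is skipped, so a GPL-with-Classpath-exception stays strong-copyleft
    (conservative). Mixed AND/OR expressions are approximated as OR."""
    cats, mode, skip = [], "AND", False
    for tok in expr.replace("(", " ").replace(")", " ").split():
        if skip:
            skip = False
            continue
        up = tok.upper()
        if up == "WITH":
            skip = True
        elif up in ("AND", "OR"):
            mode = "OR" if up == "OR" else mode
        else:
            cats.append(classify_license_id(tok))
    if not cats:
        return "unknown"
    pick = min if mode == "OR" else max
    return pick(cats, key=CATEGORY_RANK.__getitem__)


def load_packages(spdx_json: str) -> list:
    doc = json.loads(spdx_json)
    return doc.get("sbom", doc).get("packages", [])  # bare SPDX documents are accepted too


def package_license(pkg: dict) -> str:
    """Prefer the concluded licence, fall back to declared, else NOASSERTION."""
    for key in ("licenseConcluded", "licenseDeclared"):
        val = pkg.get(key) or ""
        if val.upper() not in ("", "NONE", "NOASSERTION"):
            return val
    return "NOASSERTION"


def package_purl(pkg: dict) -> str:
    return next((r.get("referenceLocator", "") for r in pkg.get("externalRefs", [])
                 if r.get("referenceType") == "purl"), "")


def summarise(spdx_json: str) -> dict:
    """High-level licence counts plus the drill-down list of non-permissive packages."""
    pkgs, counts, flagged = load_packages(spdx_json), Counter(), []
    for pkg in pkgs:
        expr = package_license(pkg)
        cat = classify_expression(expr)
        counts[cat] += 1
        if cat != "permissive":
            flagged.append({"name": pkg.get("name"), "version": pkg.get("versionInfo"),
                            "license": expr, "category": cat, "purl": package_purl(pkg)})
    return {"total": len(pkgs), "by_category": dict(counts), "flagged": flagged}


def to_cyclonedx(spdx_json: str) -> dict:
    """Minimal CycloneDX 1.5 JSON BOM (name, version, purl, licence expression) for
    consumers that read CycloneDX rather than SPDX."""
    components = []
    for pkg in load_packages(spdx_json):
        comp = {"type": "library", "name": pkg.get("name", ""), "version": pkg.get("versionInfo", "")}
        if package_purl(pkg):
            comp["purl"] = package_purl(pkg)
        expr = package_license(pkg)
        if expr != "NOASSERTION":
            comp["licenses"] = [{"expression": expr}]
        components.append(comp)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "components": components}
```

Run `summarise(SAMPLE_SPDX)` to get the category counts and the flagged list; `to_cyclonedx(SAMPLE_SPDX)` produces a document that keeps the purls, which is what a CycloneDX consumer needs to match components against vulnerability data. The `WITH` handling is deliberately conservative: the Classpath exception is what makes the jmh-core licence workable in practice, but the script still surfaces it for a human decision instead of silently downgrading it.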
Project mention: Dependency inventory / dashboard for multiple maven projects | /r/java | 2023-06-08
Java Owasp related posts
- Cloud Native Testing Framework
- HybridTestFramework: Cloud Native Testing Framework
- Dependency-Track
- Krita fund has 0 corporate support
- how do you guys create your swagger file?
- The ultimate guide to Java Security Vulnerabilities (CVE)
- Is there any news about 64 bit Steam?
A note from our sponsor - WorkOS
workos.com | 26 Apr 2024
Index
What are some of the best open-source Owasp projects in Java? This list will help you:
# | Project | Stars
---|---|---
1 | dependency-track | 2,315
2 | find-sec-bugs | 2,204
3 | wrongsecrets | 1,117
4 | crAPI | 956
5 | cyclonedx-maven-plugin | 273
6 | VulnerableApp | 250
7 | semgrep-rules-android-security | 203
8 | cyclonedx-gradle-plugin | 138
9 | HybridTestFramework | 136
10 | Admin-Panel_Finder | 112
11 | cyclonedx-core-java | 68
12 | owasp-zap-jwt-addon | 28
13 | FileChampion4j | 1