-
DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
-
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
vulnmine
Vulnmine searches for vulnerable hosts using MS SCCM host / software inventory data with NIST NVD Vulnerability feed data.
It is hard. Look at vulnmine and the logic behind it for feeding SCCM reports into it.
-
There's also https://www.opencve.io/, which can be self-hosted if wanted.
-
I don't recommend cheaping out on vuln scanning, but if you really can't get any money there's always OpenVAS. That will allow you to do credentialed scanning and track vulnerabilities in your environment. It's no real substitute for Tenable or similar, but it's better than nothing.
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Hi, Wazuh employee here! I think that you might be interested in implementing Wazuh in your company. It's an open-source SIEM that allows you to monitor not only the CVEs that could affect the software that your company uses, but also misconfigurations that could lead to attacks from malicious actors, intrusion detection (such as detecting brute-forcing attacks), and many other interesting capabilities.