GoCD - Continuous Delivery server main repository

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

An extremely easy way to perform background processing in Java. Backed by persistent storage. Open and free for commercial use.

Java API for GitHub

Pluggable type-checking for Java

Java program to retrieve server certificate that can be added to local keystore

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross S…

Coverity Security Library (CSL) is a lightweight set of escaping routines for fixing cross-site scripting (XSS), SQL injection, and other security defects in Java web applications.

Phosphor: Dynamic Taint Tracking for the JVM

A cli that can be used to query various online vulnerability sources such as the NVD or GHSA. The CLI and docker images can be used to mirror the NVD.

Java library for parsing report files from static code analysis.

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Maven Plugin for Project Lombok

Semantic versioning for Java apps.

Apache Maven Indexer

A utility for validating and parsing Common Platform Enumeration (CPE) v2.2 and v2.3 as originally defined by MITRE and maintained by NIST

Maven plugin for generating java serviceloader files

Externalize Java application access to protected resources as log messages.

a framework for building java codemods

Demonstrates how a malicious dependency could negatively impact the build output.

A set of security APIs meant to help secure Java code

A library for commenting GitHub with violations from static code analyzer reports.

HawtDB is an embedded MVCC Key/Value Database

ESP: Security Plugin is a real time static analysis tool for Eclipse users.

JAX RS WS Interfaces for Github webhooks