CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

收集一些比较优秀的开源安全项目，以帮助甲方安全从业人员构建企业安全能力。

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components throug…

share experience towards for information management, brainstorming and so on.

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

《深入理解SAST静态应用安全测试》Static Application Security Testing.

《深入理解CodeQL》Finding vulnerabilities with CodeQL.

🔥Open source RASP solution

专注于JVM的运行时防御系统RASP

《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.

《Java安全-只有Java安全才能拯救宇宙》Only Java Security Can Save The Universe.

《JNDI-深入理解Java万恶之源》

The ZAP by Checkmarx Core project

BTrace - a safe, dynamic tracing tool for the Java platform

JavaRce complements project - use RASP to prevent vulnerabilities

⚙️ A curated list of dynamic analysis tools and linters for all programming languages, binaries, and more.

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀

Ultimate DevSecOps library