Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

A hands-on lab demonstrating the architectural evolution of a Spring Boot application from a secure monolith to a fully observable, distributed system using modern DevSecOps practices.

Secure delivery tracking system with Spring Boot, React, Docker, and CI/CD via GitHub Actions, featuring integrated DevSecOps tools and JWT authentication.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams

Vulnerable app with examples showing how to not use secrets

CloudRec is an open source multi-cloud security posture management (CSPM) platform designed to help organizations improve the security of their cloud environments.

Integrate our security scans with your Jenkins CI/CD pipeline

Demo repository for my talk at the Heise Developer Experience 2022 conference.

Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.

DevSecBox simplifies tasks for Bug Hunters and DevSecOps. It works with the command line, integrates with any tools, and manages your workflows.

Deprecated; please use fcli instead

Java SonarQube Integration

Conjur plugin for securely providing credentials to Jenkins jobs

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

API con vulnerabilidades para aprendizaje

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Trend Vision One File Security Java SDK