An insecure Java/Spring web application for use in DevSecOps scenarios.

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Vulnerable app with examples showing how to not use secrets

CloudRec is an open source multi-cloud security posture management (CSPM) platform designed to help organizations improve the security of their cloud environments.

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams

Trend Vision One File Security Java SDK

End-to-end Real-Time CI/CD Pipeline to EKS using Jenkins and Argo CD

The ArmorCode Release Gate plugin for Jenkins enforces security policies by blocking or warning CI/CD builds based on validation results.

一座已落成的思維展演，而非一個持續演進的開源社群專案。 其核心，是在 25 天業餘時間，由人機協作極限衝刺而成的整合實驗；一份，將「詩意、思想與技術」，連同其完整的「程式碼、架構圖、設計決策(ADRs)、開發檢討(AARs)及測試報告」，融合成一體的概念驗證 (POC) 作品。 它，亦是，本工坊五大作品中的「第一基石」。 本專案，已被，完整地，在此，封存於 2025 年 10 月 30 日。

DevSecOps x GitOps Project

Secure delivery tracking system with Spring Boot, React, Docker, and CI/CD via GitHub Actions, featuring integrated DevSecOps tools and JWT authentication.

This repository showcases a complete CI/CD pipeline built with Jenkins to enforce DevSecOps principles. It automates every step from code checkout to deployment, integrating SonarCloud for static code analysis, Snyk for dependency scanning, and Slack for notifications.

A hands-on lab demonstrating the architectural evolution of a Spring Boot application from a secure monolith to a fully observable, distributed system using modern DevSecOps practices.

Demo repository for my talk at the Heise Developer Experience 2022 conference.

Integrate our security scans with your Jenkins CI/CD pipeline

Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.

DevSecBox simplifies tasks for Bug Hunters and DevSecOps. It works with the command line, integrates with any tools, and manages your workflows.