HXSecurity / DongTai

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
https://dongtai.io
Apache License 2.0
1.24k stars 145 forks source link

DongTai

django-project license Apache-2.0 GitHub release

GitHub release GitHub release GitHub release GitHub release GitHub release GitHub release

中文版本(Chinese version)

About DongTai IAST

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.

Project structure

.
├── deploy
├── dongtai_common common functions and classes for each service to call
├── dongtai_conf configuration files
├── dongtai_engine vulnerability detection and vulnerability processing part
├── dongtai_protocol protocols for interaction between dongtai-server and agent
├── dongtai_web api for interacting with the web
├── static static files
└── test testcases

Architecture

DongTai IAST has multiple basic services, including DongTai-web, DongTaiagent, DongTai-Base-Image and DongTai-Plugin-IDEA:

Scenario

The usage scenarios of "DongTai IAST" include but not limited to:

Quick start

DongTai IAST supports SaaS Service and Localized Deployment. Please refer to Deployment Document for localized deployment.

1. SaaS Version

2. Localized Deployment Version

DongTai IAST supports a variety of deployment schemes which refer to Deployment Document:

Docker-compose

git clone git@github.com:HXSecurity/DongTai.git
cd DongTai
chmod u+x build_with_docker_compose.sh
./build_with_docker_compose.sh

Contributing

Contributions are welcomed and greatly appreciated. Further reading — CONTRIBUTING.md for details on submitting patches and contribution workflow.

Any questions? Let's discuss in #DongTai discussions

Futher Resources

Stats

Alt