gingeleski
commented
4 years ago Upon close inspection of both projects, they strike me as being pretty equal in --
- Github popularity
- Recent activity/maintenance
- Tool support
- Some degree of OWASP ZAP support
- sslyze
However, BDD-Security edges out Gauntlt in my view for a couple reasons.
One is it has some degree of support for "Selenium/WebDriver" whereas there's no evidence of this for Gauntlt. It lists "curl" and I guess that's how far it goes sending ad hoc requests and interpreting responses.
Two is it's Java-based and built with Gradle, just like this project. That gives me a feeling that integrating its results with these results in a pipeline of some sort will be easier. More importantly, I would much rather get my hands dirty with Java as opposed to Gauntlt's Ruby.
Closing this issue with my decision as BDD-Security ... I will fork it to customize as needed.
Either BDD-Security or Gauntlt would seem to desirable to add for end-to-end testing.
This issue covers researching which of the two is more maintained, developed, and desirable.
A separate issue will be opened to initially add whichever one to the Vagrant image for this project.