usds / justice40-tool

A tool to identify disadvantaged communities due to environmental, socioeconomic and health burdens
https://screeningtool.geoplatform.gov/
Creative Commons Zero v1.0 Universal
130 stars 42 forks

Perform web application scan and send results to Geoplatform #298

Closed switzersc-usds closed 3 years ago

switzersc-usds commented 3 years ago

From Geoplatform:

Here are some suggested tools to use. As long as the tool can detect vulnerabilities, flaws and improper configurations, it’s really up to you if you would rather use something else.

Web Application Scans:
- OWASP ZAP (https://www.zaproxy.org/)
- Pentest-Tools Website vulnerability Scanner (https://pentest-tools.com/website-vulnerability-scanning/website-scanner)
- Snyk (https://snyk.io/website-scanner/)

Source Code Analysis Tools:
- CodeQL (https://github.com/github/codeql). Steps to configure scans: https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository
- SonarQube (https://www.sonarqube.org/)
- Fluid Attack’s Scanner (https://docs.fluidattacks.com/machine/scanner/plans/foss)

switzersc-usds commented 3 years ago

Closing as duplicate of #261