Import JSON findings from Crunch42 vulnerability scan tool.
Acunetix Scan is a vulnerability scanner specifically designed to detect vulnerabilities in web applications. The tool scans for a wide range of vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), and Local File Inclusion (LFI), among others.
An extension of the Acunetix Scan, Acunetix 360 is a more comprehensive solution that offers full visibility of your web security posture and ensures web and mobile app security while integrating with your development environment.
An open-source project that provides a centralized service for inspection, analysis, and certification of container images. The Anchore engine is core to many Anchore deployments, used to analyze and scan Docker and OCI container images for security vulnerabilities and policy issues.
A part of the Anchore Enterprise suite, it is designed to bring a policy-based compliance check to ensure your containers meet your organizational requirements. It allows the definition and enforcement of custom policies for CI/CD pipelines.
Grype is Anchore's fast and lightweight OS package and library vulnerability scanner for containers and filesystems.
AnchoreCTL is a command-line tool that leverages Anchore Engine to conduct vulnerability scans, generate policy evaluations, and perform other Anchore operations. Policies Report generates a detailed report on the policies applied during the analysis.
Similar to the Policies Report, but focuses on generating reports that provide detailed information on any vulnerabilities found during the scanning process by AnchoreCTL.
This is essentially the same as the AppSpider Scan, provided by Rapid7, a company renowned for offering various security solutions including vulnerability management.
AppSpider is a web application security scanning tool. It dynamically assesses apps to identify vulnerabilities, provides reports, and offers remediation guidance. It is suitable for identifying a wide range of vulnerabilities.
A security solution that specializes in container security, providing comprehensive vulnerability scanning and policy enforcement to ensure continuous security and compliance of containerized applications.
An open-source web application security scanner which identifies and mitigates vulnerabilities, enhancing the security of web applications.
A JavaScript/Node.js tool that leverages the Sonatype OSS Index to identify known vulnerabilities in your JavaScript & Node.js applications, helping developers secure their applications effectively.
An open-source tool that helps you secure AWS environments following best practices defined in the AWS Well-Architected Framework, and other standards, by performing extensive configuration and security checks.
An updated version of AWS Prowler Scan, providing enhanced features and updated security checks to help maintain the security posture of AWS environments.
A security auditing tool that allows users to review the security configuration of their AWS environments, providing a clear report of potential security weaknesses and risks.
A unified security findings format that integrates different AWS security services and third-party findings into AWS Security Hub, providing a comprehensive view of security and compliance status across AWS environments.
A centralized service that consolidates findings from various AWS services and third-party products to help you analyze and identify security findings in your AWS environment.
A tool from Microsoft Azure which provides unified security management and advanced threat protection, helping users to adhere to recommended best practices and secure their Azure environments.
A tool designed to find common security issues in Python code. By statically analyzing the source code, it helps developers identify security weaknesses and vulnerabilities in Python applications.
Bearer CLI is a static application security testing (SAST) tool that scans your source code and analyzes your data flows to discover, filter and prioritize security and privacy risks.
Black Duck® Binary Analysis gives you visibility into open source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files using an intuitive user interface or Black Duck multifactor open source detection, which automates the scanning of binary artifacts.
An interface that allows for integration with the BlackDuck software, which is used to secure and manage open source software in applications and containers, automating the process of identifying and mitigating open source security, license compliance and operational risks.
A tool within the BlackDuck software suite that is utilized for identifying and managing risks associated with the components used in your software applications, helping to pinpoint and mitigate security, license, and operational risks.
A scanning tool from the BlackDuck suite that helps in identifying the open-source components in your software and highlights any associated risks, including potential security vulnerabilities and license compliance issues.
A static analysis tool that scans Ruby on Rails applications for security vulnerabilities, helping developers to secure their Ruby applications by identifying a wide range of security issues.
A functionality that allows for the integration with Bugcrowd's crowdsourced security platform through its API, facilitating the import of data such as vulnerability reports to help manage and streamline security processes.
A tool leveraging Bugcrowd's security platform to scan applications and software for potential vulnerabilities, leveraging the power of the crowd to identify and report on security issues.
A patch-level verification tool for Ruby Bundler that helps in scanning Gemfile.lock files for known security vulnerabilities, helping developers maintain secure dependencies.
Dastardly is a free, lightweight web application security scanner for your CI/CD pipeline.
A tool from PortSwigger, designed to automate the process of scanning web applications for vulnerabilities, allowing for continuous monitoring and reporting to help secure web applications efficiently.
A part of the Burp Suite, it allows for scanning and testing of GraphQL APIs to identify potential vulnerabilities and security issues, helping to secure applications that are utilizing GraphQL technology.
An extension of the Burp Suite, enabling integration with the REST API to facilitate automated scanning processes and other functionalities, allowing for a more streamlined approach to web application security.
A tool that is part of the Burp Suite, used for scanning web applications for security vulnerabilities. It works by performing automatic and manual testing of the web applications to identify potential security issues.
A Rust language tool that leverages Cargo, Rust's package manager, to audit Rust projects for known vulnerabilities reported in the RustSec advisory database, helping developers maintain secure and vulnerability-free Rust applications.
Import Checkmarx One JSON reports.
Stands for Open Source Analysis; it is a tool that allows organizations to manage the risk associated with the use of open-source components in software, helping in identifying and mitigating potential security and license compliance issues.
A static application security testing (SAST) solution that identifies security vulnerabilities in the source code early in the software development lifecycle, promoting secure coding practices.
An extended functionality of the Checkmarx Scan that provides a detailed report on the vulnerabilities identified, helping teams to get a deeper understanding of the security issues in their code.
An open-source tool for infrastructure as code (IaC) static code analysis that scans cloud infrastructure configured using Terraform, CloudFormation, Kubernetes, and other frameworks for security misconfigurations and compliance violations.
A combination of Clair, an open-source vulnerability scanner for containers, and Klar, a CLI tool that integrates with Clair for vulnerability analyses, providing a detailed report on potential security issues in Docker containers.
An open-source project that performs static analyses of container images to identify security vulnerabilities and other issues, helping organizations maintain secure container environments.
An open-source tool that performs static code analysis on AWS, Azure, and GCP infrastructures to identify security misconfigurations and compliance violations, helping in securing cloud environments effectively.
A feature that allows integration with the Cobalt.io platform through its API, facilitating the import of penetration testing data and other security findings into your systems, helping in streamlined security management and reporting.
A security service provided by Cobalt.io that leverages ethical hackers to perform penetration testing to identify vulnerabilities in your applications, improving the security posture by reporting potential security issues.
A tool that facilitates the visualization and management of reports generated by the CodeChecker static analysis tool, helping developers to identify and manage vulnerabilities more effectively.
A tool that integrates with the software development lifecycle to continuously identify vulnerabilities in real time, both in custom code and open-source libraries, improving the security of your applications.
An API for the Coverity software, which facilitates the integration of Coverity's static code analysis tool into various environments and workflows, enabling automated vulnerability detection and reporting.
A feature of the Crashtest Security suite that allows for the export of vulnerability data in JSON format, facilitating integration with other tools and systems for further analysis and reporting.
Similar to the JSON file feature but allows for the export of vulnerability data in XML format, providing a way to integrate the data with other systems or tools that prefer XML format for data ingestion.
A tool that scans codebases for accidentally committed sensitive information such as passwords and secrets, helping to prevent security breaches by identifying and removing sensitive data from code repositories.
A lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis, helping to identify and manage vulnerabilities associated with component usage.
An open-source static analysis security scanner specifically designed for web applications written in Ruby, helping developers identify security issues in the early stages of development.
An open-source tool suite that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities, helping in maintaining a secure codebase by managing the vulnerabilities effectively.
A feature of the Dependency-Track system that allows exporting findings in the Finding Packaging Format (FPF), aiding in the seamless sharing and management of vulnerability information across different platforms.
A tool aimed at detecting secrets and sensitive information, like passwords and API keys, that may have been accidentally committed into the code repository, helping to prevent security breaches due to leaked credentials.
An open-source script that checks for dozens of common best-practices around deploying Docker containers in production, helping to secure Docker configurations and prevent vulnerabilities.
A container image linter that helps in identifying and solving container-related security issues, misconfigurations, and best practice violations, enhancing the security posture of your containerized applications.
A tool that helps in the importation of JSON files generated by DrHeader, a tool that analyzes HTTP security headers and identifies misconfigurations, facilitating the easy integration of DrHeader reports into other systems.
A tool for scanning systems and applications to ensure they adhere to the Department of Defense (DOD) Security Technical Implementation Guides (STIGs), which are a framework for standardized secure installation and maintenance of computer software and hardware.
A service that offers full-stack vulnerability management, leveraging a combination of machine automation and expert validation, helping organizations identify and manage vulnerabilities effectively.
A tool for identifying and fixing problems in JavaScript code through static analysis, helping developers maintain a high code quality and adhere to best practices, which can indirectly help in maintaining a good security posture.
A static code analyzer from Micro Focus that helps in identifying security vulnerabilities in the source code early in the development lifecycle, promoting secure coding practices and reducing the risk of security breaches.
A feature that allows the importing of findings from various formats, helping to consolidate vulnerability data from different tools into a centralized system for easier management and reporting.
A tool that scans code repositories for secrets and potential security vulnerabilities, assisting in the prevention of sensitive data leakage and enhancing the security posture of development environments.
A scan leveraged by GitHub to automatically identify vulnerabilities in the repositories, helping developers to secure their code by alerting them to potential security issues identified in the dependencies.
A GitLab feature that allows for the automated scanning of API structures using fuzz testing techniques to uncover vulnerabilities and security flaws, enhancing API security through early detection of issues.
A GitLab feature that performs security scans on container images to identify vulnerabilities before deployment, helping to secure containerized applications by ensuring they are free of known vulnerabilities.
A Dynamic Application Security Testing (DAST) report generated by GitLab that provides insights into runtime security issues, aiding in the identification and mitigation of security vulnerabilities in web applications.
A GitLab feature that scans project dependencies for known vulnerabilities, utilizing a database of known issues to help developers maintain secure and updated dependencies in their projects.
A GitLab feature that provides Static Application Security Testing (SAST), analyzing source code for known vulnerabilities early in the development cycle, promoting secure coding practices.
A GitLab service that scans repository histories for secrets and sensitive information that should not be there, helping to prevent security incidents by identifying potentially compromised credentials.
An open-source tool that scans Git repositories for secrets and other sensitive information that might have been accidentally committed, aiding in the prevention of data leaks and other security issues.
A Golang security checker that inspects Go source code to identify security flaws and other issues through static analysis, helping developers to maintain secure and reliable Go codebases.
A tool used to scan Go language (Golang) projects for known vulnerabilities using the National Vulnerability Database, helping developers to identify and patch security issues in their Go-based applications.
A feature of the HackerOne platform where vulnerability reports submitted by ethical hackers are managed, helping organizations to efficiently track, manage, and resolve security issues identified through their bug bounty programs.
A static analysis tool for Dockerfiles that helps in identifying issues with Dockerfile configurations according to best practices, aiming to reduce potential security and performance issues in Docker containers.
A feature of the Harbor container registry that scans container images for vulnerabilities, assisting organizations in identifying and mitigating security issues before deploying the containers in production environments.
A dynamic application security testing tool provided by HCL that analyzes running applications to identify security vulnerabilities, helping organizations to secure their web applications against potential attacks.
An open-source tool used for identifying vulnerabilities in the source code during the development process, helping teams to maintain a high-security standard in their applications by catching issues early on.
A security tool that performs static code analysis to identify security vulnerabilities, misconfigurations, and other issues in the source code, reporting the findings through HuskyCI, and helping teams to maintain secure codebases.
A tool designed to perform network logon cracking, helping security professionals and ethical hackers to identify weak passwords and potential vulnerabilities in network authentication mechanisms.
A dynamic application security testing tool provided by IBM that analyzes running applications to identify security vulnerabilities, helping organizations to secure their web applications against potential attacks.
A tool that leverages AI and machine learning to perform web security testing, dark web monitoring, and other security assessments, helping organizations to maintain a secure presence online.
A feature of the IntSights threat intelligence platform that provides insights and reports on the cyber threat landscape, helping organizations to understand and respond to cyber threats more effectively.
A scan conducted through JFrog Xray's API to gather summary information on artifacts, including potential security vulnerabilities, license compliance issues, and more, aiding in the secure handling of binary artifacts.
JFrog CLI empowers you with robust scanning capabilities to ensure the security and compliance of your source code and software artifacts, including containers.
A security scanning solution by JFrog that integrates with JFrog Artifactory, providing detailed information on security vulnerabilities and license compliance, helping to secure your software artifacts and containers.
An extended feature of JFrog Xray that allows for the scanning of various artifacts, including Docker images, and software packages, in a unified manner, to identify security vulnerabilities and compliance issues.
A tool for Keeping Infrastructure as Code Secure (KICS) that scans infrastructure as code (IaC) configurations to identify security vulnerabilities and compliance issues, assisting in maintaining secure and compliant IaC setups.
A software analytics and SAST tool that scans source code to identify vulnerabilities and compliance issues, aiding organizations in maintaining secure and compliant code bases.
A tool that checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark, helping to ensure the secure configuration of Kubernetes environments.
kube-hunter hunts for security weaknesses in Kubernetes clusters.
A tool that scans project dependencies to identify known security vulnerabilities and license issues, helping teams to maintain secure and compliant code by managing their third-party dependencies effectively.
A dynamic application security testing tool by Micro Focus that scans web applications and services to identify security vulnerabilities, helping organizations to secure their web assets against potential cyber threats.
A mobile security framework that performs static, dynamic, and interactive security testing on mobile apps (Android/iOS), helping to identify security vulnerabilities in mobile applications.
A static analysis security testing (SAST) tool integrated with MobSF for scanning source code of mobile applications to identify security vulnerabilities, helping to secure mobile apps through early detection of security issues.
A tool by Mozilla that helps developers, sysadmins, and security researchers to analyze and improve the security of their web servers and web applications by scanning them for known best practices and common misconfigurations.
nancy is a tool to check for vulnerabilities in your Golang dependencies.
An automated web application security scanner from Netsparker that identifies vulnerabilities and security flaws in websites, web applications, and web services, aiding organizations in protecting their web assets from cyber threats.
A component of the NeuVector container security platform that focuses on ensuring compliance with various regulatory and security standards, helping organizations to maintain compliant container environments.
A REST API provided by the NeuVector container security platform that allows for integration with other systems and automation of security tasks, aiding in the streamlined management of container security.
A vulnerability management solution from Rapid7 that scans networks to identify vulnerabilities and compliance issues, offering detailed reports and remediation advice to help organizations strengthen their security posture.
An open-source web server scanner that performs comprehensive tests against web servers to identify security vulnerabilities and configuration issues, assisting in securing web servers against potential attacks.
A versatile open-source network scanner used for network discovery and security auditing, helping administrators and security professionals to identify open ports, running services, and other information about networked systems.
A security scanning solution that focuses on identifying vulnerabilities in Node.js applications, helping developers to maintain secure JavaScript and Node.js codebases.
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing.
A command-line utility from npm, Inc. that analyzes Node.js project dependencies to identify known vulnerabilities, helping developers to maintain secure and up-to-date project dependencies.
An open-source scanner that helps in vulnerability identification using customizable templates, allowing security researchers and penetration testers to identify known vulnerabilities efficiently and at scale.
A tool leveraging the OpenSCAP library, used for scanning hosts to identify vulnerabilities based on known CVEs and configuration issues, aiding organizations in maintaining secure and compliant environments.
A report format utilized by the OpenVAS vulnerability scanning software, where the scan results and details of the identified vulnerabilities are exported as a CSV file, facilitating easier data analysis and reporting.
A report format utilized by the OpenVAS vulnerability scanning software, where the scan results and details of the identified vulnerabilities are exported as an XML file, facilitating easier data analysis and reporting.
An import functionality of the OSS Review Toolkit (ORT) that enables the incorporation of evaluated models, which represent a concluded open source compliance review process, into the ORT environment, helping in the management of open source compliance.
A tool that allows for the importation of software composition analysis (SCA) scans conducted using the DevAudit tool against the OSS Index vulnerability database, aiding in the identification and management of open-source vulnerabilities.
Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies.
A vulnerability assessment tool by Outpost24 that scans networks, applications, and devices to identify security vulnerabilities and provide remediation advice, helping organizations to improve their security posture.
An auditing tool designed to analyze PHP applications for security vulnerabilities, using a set of predefined rules to identify potential security risks and help maintain secure PHP codebases.
A security checker tool for PHP Symfony applications, which scans the project dependencies for known vulnerabilities, aiding developers in maintaining secure and compliant Symfony projects.
A tool that scans Python environments and analyzes installed packages against known vulnerability databases to identify security issues, helping Python developers to maintain secure code by managing vulnerable dependencies.
A source code analyzer for Java, JavaScript, Salesforce.com Apex, PL/SQL, XML, XSL and others, used to detect coding issues, potential bugs, and other discrepancies in code bases, encouraging the maintenance of high-quality code.
A utility tool for scanning Kubernetes clusters to identify potential issues and unused resources, promoting best practices and helping system administrators maintain efficient and secure Kubernetes environments.
This parser imports the Progpilot SAST JSON output.
A Static Application Security Testing (SAST) tool by PWN which analyzes source code to identify security vulnerabilities early in the development process, helping to maintain secure applications.
A feature of the Qualys vulnerability management solution that allows for infrastructure scanning, exporting the results in WebGUI XML format, aiding in the detailed analysis and reporting of infrastructure security.
A comprehensive vulnerability management scanning solution by Qualys that helps organizations identify, assess, and manage vulnerabilities in their network environments, promoting a secure and compliant infrastructure.
A web application security scanning solution by Qualys that identifies vulnerabilities and security issues in web applications, providing insights and recommendations to secure web applications effectively.
Red Hat® Satellite is an infrastructure management product specifically designed to keep Red Hat Enterprise Linux® environments and other Red Hat infrastructure running efficiently, with security, and compliant with various standards.
A scanner tool that identifies JavaScript files with known vulnerabilities in your web applications, utilizing a database of known vulnerabilities from Retire.js repository, assisting developers in maintaining secure JavaScript applications.
A tool that facilitates the importation of vulnerability data and other security findings from the Risk Recon platform through its API, aiding organizations in integrating Risk Recon insights into their vulnerability management processes.
A Ruby static code analyzer based on the community Ruby style guide, aiding Ruby developers in maintaining clean and idiomatic Ruby code by identifying and optionally fixing style issues and bugs in Ruby programs.
A security scanning tool that identifies secrets and credentials in codebases, leveraging various scanning techniques to help organizations find and mitigate potential security risks arising from hardcoded secrets in their applications.
A standardized format for the interchange of static analysis results, facilitating the integration of various static analysis tools into a wide range of development and security platforms, promoting interoperable and scalable static analysis workflows.
A security scanning solution by Scantist that identifies vulnerabilities in open-source components used in software development projects, helping organizations manage open-source risks and maintain secure software supply chains.
A multi-cloud security-auditing tool that scans cloud infrastructure and identifies security misconfigurations, helping organizations maintain secure and compliant cloud environments.
A report generated by Semgrep, a customizable, open-source code scanning tool, that outlines the findings in a JSON format, facilitating integration with other tools and in-depth analysis of the scan results.
An open-source security knowledge base including Security Knowledge Framework (SKF) which is an open-source web application that helps you learn and integrate security by design in your web application.
Snyk output file (snyk test --json > snyk.json) can be imported in JSON format.
A tool that identifies and fixes vulnerabilities and license violations in open-source dependencies and container images, helping to secure the application and its open-source components.
A static application security testing (SAST) tool that identifies vulnerabilities in the source code of applications, supporting a wide range of programming languages, and helping to secure applications from the development phase.
A feature in SonarQube that allows for the importation of data via its API, facilitating integration with other tools and enabling organizations to leverage SonarQube’s static code analysis capabilities in diverse environments.
A static code analysis solution that detects bugs, vulnerabilities, and code smells in source code, helping development teams to maintain high code quality and secure applications.
An extended feature of the SonarQube scan that provides detailed reports on the source code analysis, offering in-depth insights and facilitating a comprehensive understanding of the codebase’s health.
A security solution that scans applications to identify open-source risk, policy violations, and security vulnerabilities, helping organizations maintain secure applications by managing risks associated with open-source components.
A static code analysis tool used to identify bugs in Java code, helping developers maintain high-quality code by finding and fixing bugs early in the development process.
ssh-audit is a tool for ssh server & client configuration auditing.
A suite of tools and services by SSL Labs that analyses the configuration of SSL web servers and identifies weaknesses, promoting secure server configurations.
A tool that identifies SSL/TLS versions and cipher suites supported by a server, helping in the configuration review and security assessment of SSL-enabled services.
A Python tool that scans SSL/TLS services to identify misconfigurations and vulnerabilities, providing detailed reports to help maintain secure SSL/TLS configurations.
A feature in SSLyze that outputs the scan results in JSON format, facilitating integration with other tools and automated analysis of SSL/TLS configurations.
A dynamic application security testing (DAST) tool by StackHawk that scans running applications and APIs to identify security issues, assisting in maintaining secure web applications.
Sysdig Secure is part of Sysdig’s container intelligence platform. Sysdig provides a unified platform to deliver security, monitoring, and forensics in a cloud, container and microservices-friendly architecture integrated with Docker and Kubernetes.
A tool that identifies potential secrets in the code before it is pushed to the repository, helping to prevent secret leakage and maintain secure codebases.
A vulnerability management solution that identifies vulnerabilities in networks and applications, providing detailed reports to help organizations maintain a secure and compliant environment.
A static code analysis tool that scans Infrastructure as Code (IaC) to identify security misconfigurations and compliance violations, promoting secure and compliant infrastructure code.
A free tool that checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and more.
A static analysis tool that scans Terraform templates to identify security issues, helping to maintain secure and compliant Terraform configurations.
Threagile enables teams to execute Agile Threat Modeling as seamlessly as possible, even highly integrated into DevSecOps environments.
A component of Trivy vulnerability scanner designed for use in Kubernetes environments, facilitating automated scanning of container images and helping to maintain secure Kubernetes deployments.
A simple and comprehensive vulnerability scanner for containers and other artifacts, designed to scan for vulnerabilities in various file systems and application dependencies.
A Python tool that searches through git repositories for high entropy strings, which often indicate secret keys, helping to prevent secrets leakage in codebases.
An iteration of the Trufflehog scanner with additional features and improvements, offering enhanced performance in identifying secrets and sensitive information in code repositories.
A service that integrates with the Trustwave Fusion platform, allowing for automated security scanning through its API, facilitating continuous security monitoring and vulnerability management.
A vulnerability scanning solution by Trustwave that can output results in CSV format, facilitating easy analysis and reporting of scan results.
A feature in Prisma Cloud by Palo Alto Networks that scans container images for vulnerabilities, helping to secure containerized applications by identifying and mitigating vulnerabilities in container images.
A tool that scans code repositories for vulnerabilities using various plugins and integrations, helping organizations to identify and remediate vulnerabilities in their codebases.
A suite of security tools by Veracode that scans applications for vulnerabilities in a range of programming languages, helping to secure applications throughout the SDLC.
A tool by Veracode that identifies vulnerabilities in open-source components used in applications, helping developers maintain secure open-source usage.
An AI-powered database and security analysis tool that collects and analyzes vulnerabilities from various sources, providing actionable insights for vulnerability management and security assessments.
An open-source web application vulnerability scanner that identifies various vulnerabilities by “black-box” testing, helping organizations secure their web applications against different threats.
A security information and event management (SIEM) tool that provides log analysis, intrusion detection, vulnerability detection, and other security monitoring capabilities for IT environments.
A feature in the WFuzz tool that exports the results of a security testing process in JSON format, enabling easier integration with other systems and detailed reporting on web application vulnerabilities.
A static code analysis tool that identifies hard-coded secrets and sensitive information in source code, helping to prevent security issues arising from secret leakage.
A cloud-based application security platform that identifies vulnerabilities in applications throughout their lifecycle, providing solutions to help maintain secure applications.
A solution that identifies vulnerabilities in open-source components used in applications, offering automated remediation and compliance reporting to maintain secure open-source usage.
This parser imports scan results from Wiz. You have to use Report Type Standard when you export the results. The file format will be .csv, which is parsable within DefectDojo.
A black-box WordPress vulnerability scanner that identifies known vulnerabilities in WordPress installations, helping to maintain secure WordPress sites.
A static code analysis tool that identifies security vulnerabilities in web applications, aiding developers in finding and fixing security issues in the early stages of development.
A command in the Yarn package manager that identifies known vulnerabilities in project dependencies, helping to maintain secure Node.js applications by managing vulnerability risks in dependencies.
A security scanning tool that is part of the OWASP ZAP (Zed Attack Proxy) project and identifies vulnerabilities in web applications, facilitating secure development and deployment of web applications.