This architecture is much more resource efficient. Therefore we implemented a Kubernetes operator which schedules security scans as kubernetes jobs. The secureCodeBox architecture is based on Kubernetes Custom Ressource Definitions (CRDs) and follows a function as a service (FaaS) principle. Also we will try to integrate existing OWASP Projects as building blocks in our platform. Secondly we try to foster a broad range of security tools to be easily integrated. The flexibility and scalability of the platform architecture leads to features like multi tenancy support, large scale (multi-) project testing, support of distributed and private networks, customisable security test flows, which enables projects to test complex environments without implementing the complete security testing infrastructure on their own.
Our main goal is to implement a major security testing platform and framework which enables developers and teams to integrate a bunch of security testing tools in their CI/CD environment or kubernetes environment as easy as possible. For more information about this project, please have look at our GitHub Repo secureCodeBox or online documentation. We strongly recommend to run extensive tests by experienced penetration testers on all your applications. The purpose of secureCodeBox is not to replace the penetration testers or make them obsolete.
With secureCodeBox we provide a toolchain for continuous scanning of applications to find the low-hanging fruit issues early in the development process and free the resources of the penetration tester to concentrate on the major security issues. Its goal is to orchestrate and easily automate a bunch of security-testing tools out of the box.
#Www codebox software#
The OWASP secureCodeBox Project is a kubernetes based, modularized toolchain for continuous security scans of your software project.
0 kommentar(er)
