owasp/glue

Sponsored OSS

By OWASP

Updated about 5 years ago

Run various OWASP (and other) security tools and collect consolidated output.

Glue is a Ruby program that runs different kinds of security tools, consolidates their output, and then pushes it to various formats (CSV, JIRA, text). It is intended to make it easier to inject security analysis into whichever part of your build and deploy pipeline you want.

A common use case might be: run Glue in its Docker image from Jenkins nightly and push the output of applicable tools to JIRA as issues in a project for review.

It currently runs:

  • Brakeman
  • Bundler Audit
  • OWASP Dependency Check
  • Retire.js
  • ESLint

It also has experimental support for:

  • ZAP (via API)
  • PMD
  • FindSecurityBugs
  • Checkmarx

Docker Pull Command

docker pull owasp/glue