Glue is a Ruby program that runs different kinds of security tools, consolidates their output, and then pushes it out in various formats (CSV, JIRA, text). It is intended to make it easier to inject security analysis into whichever part of your build and deploy pipeline you want.
A common use case might be: run Glue in its Docker image from Jenkins nightly and push the output of applicable tools to JIRA as issues in a project for review.
It currently runs:
- Bundler Audit
- OWASP Dependency Check
It also has experimental support for:
- ZAP (via API)