open appsec

open-appsec is an open source machine-learning security engine that preemptively and automatically prevents threats against web applications and APIs.


Overview

A next-generation application security testing tool for detecting vulnerabilities and protecting applications.


Features

  • Hybrid Mode: Combines static analysis with dynamic analysis to detect more vulnerabilities.
  • Machine Learning (ML): Uses ML models to improve accuracy and reduce false positives.
  • Customization: Allows users to customize scans, including setting specific vulnerability findings and excluding certain files or directories.
  • Integration: Integrates with other tools and platforms for a comprehensive security posture.

Building the Agent Code
==========================

  • cd openappsec/
  • cmake -DCMAKE_INSTALL_PREFIX=build_out .
  • make install
  • make package

Placing the Agent Code inside an Alpine Docker Image
=====================================================

  • make docker

Deployment of the Agent Docker Image as a Container
======================================================

  1. Add image to accessible registry.
  2. Obtain agent token from Management Portal and Enforce (if using UI).
  3. Run container with:
    • -d for detached mode.
    • --name to specify the container name.
    • -v for persistent volume mounts.
    • -e for setting environment variables (optional).
    • --token (if using a token) or --standalone.

Example: docker run -d --name=agent-container ...


Contributing
================


Security
=============


Security Audit

The open-appsec code was audited by an independent third party in September-October 2022.


Reporting security vulnerabilities

If you've found a vulnerability or potential vulnerability, please report it to [email protected].


License

Apache 2.0 license (basic ML model) and Machine Learning Model license (advanced ML model).




