Security Tools

• OWASP community pages: https://owasp.org/www-community/

SAST

• Static Application Security Testing
• aka Source Code Analysis or Static Code Analysis
• Example Tools:
  • Checkmarx
  • Sonarqube
  • CodeQL (from Github Advanced Security)
• Ref: https://owasp.org/www-community/Source_Code_Analysis_Tools

SCA

• Software Composition Analysis tool
• Identifies the open source/third party software (libraries) in a codebase. (aka dependencies)
• Evaluate security, license compliance, and code quality.
• Example Tools:
  • Blackduck
  • Synk
  • Github (Github bots warn about vulnerabilities)
• Ref: https://owasp.org/www-community/Component_Analysis