Pinned Repositories
cassandra-migration
Database migration (evolution) tool for Apache Cassandra
contrast-rO0
A tiny Java agent that blocks attacks against unsafe deserialization
contrastscan-action
Contrast Scan GitHub action
DjanGoat
Python and Django implementation of the OWASP RailsGoat project
go-test-bench
Intentionally vulnerable Go web app.
java-sarif
POJOs generated from the Static Analysis Results Interchange Format (SARIF) JSON schema.
jinfinity
An API for consuming all the memory of Java apps using deserialization
joogle
A static analysis API for finding deserialization attack gadgets
safelog4j
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Spring-Kafka-POC-CVE-2023-34040
POC for Spring Kafka Deserialization Vulnerability CVE-2023-34040
Contrast Security OSS's Repositories
Contrast-Security-OSS/safelog4j
Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
Contrast-Security-OSS/agent-operator
A K8s operator to inject agents into existing K8s workloads.
Contrast-Security-OSS/vulnerable-spring-boot-application
Contrast-Security-OSS/contrast-sca-action
Contrast SCA GitHub Action
Contrast-Security-OSS/contrast-sdk-dotnet
.Net API for the Contrast REST API
Contrast-Security-OSS/contrast-teamserver-api-docs
Contrast-Security-OSS/demo-terracotta-bank
Contrast-Security-OSS/integration-verify-github-action
GitHub Action to verify an application by determining whether the application violates a job outcome policy or threshold of open vulnerabilities
Contrast-Security-OSS/demo-petclinic
Contrast-Security-OSS/CSVDLTool
CSVDLTool is a tool that can export information on vulnerabilities and libraries in CSV format.
Contrast-Security-OSS/Dependabot-Dashboard
Dependabot Dashboard fork adapted for Github Enterprise Cloud
Contrast-Security-OSS/agent-operator-images
Images of agents for the agent-operator.
Contrast-Security-OSS/Benchmark
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
Contrast-Security-OSS/contrast-documentation-rss
Contrast Documentation RSS
Contrast-Security-OSS/contrast-go-installer
install contrast-go from the command line
Contrast-Security-OSS/contrast-local-scan-action
Contrast Local Scanner Github action
Contrast-Security-OSS/helm-charts
Charts, Helm Chats everywhere!
Contrast-Security-OSS/node-route-metrics
@contrast/route-metrics records the time it takes for routes to complete and writes them to a log. Included in the package is `log-reporter` which can be used to output the logged information in various formats.
Contrast-Security-OSS/assess-policy-as-code
Output Contrast Assess rule policy as code
Contrast-Security-OSS/azure-pipelines-contrast-cli
Azure pipeline examples using the Contrast CLI
Contrast-Security-OSS/contrast-continuous-application-security-plugin
Jenkins Plugin from Contrast Security
Contrast-Security-OSS/contrast-hde
Scripts and utilities to manage and launch Contrast Security demo workstations in AWS
Contrast-Security-OSS/contrast-intillij-plugin-v2
New Intellij Plugin
Contrast-Security-OSS/eslint-config
Base eslint configuration for Contrast Node projects
Contrast-Security-OSS/find-package-json
Look up through directories to find package.json
Contrast-Security-OSS/migrate-users-and-groups
Migrate Contrast users and groups from one instance/organization to another
Contrast-Security-OSS/node-code-events
Create handler for v8 code events
Contrast-Security-OSS/PyGoat
Contrast-Security-OSS/repository-permissions-updater
Artifactory permissions synchronization tool and data set
Contrast-Security-OSS/secobs-semantic-conventions