OWASP-Benchmark/BenchmarkJava

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.

JavaGPL-2.0

Issues

Is Checkmarx CxOne supported?
#234 opened a month ago by junghanlee
1
Push linux/amd64 Docker image
#223 opened 8 months ago by thc202
8
Mismatching JDK versions leads to mvn compile and docker build to fail
#227 opened 7 months ago by mortendaehli
7
Add some new vulnerability types
#203 opened 7 months ago by springkill
5
[BUG] The json file output by semgrep is not correctly scored
#186 opened 8 months ago by zer0yu
11
GPG key error when building the latest version of ubuntu
#193 opened 8 months ago by christinahaig
1
Add Fluid Attacks as a SAST tool to Benchmark
#144 opened 8 months ago by kamadorueda
1
add a new IAST detection tool
#171 opened 8 months ago by exexute
0
My result file can't be identified by the createscorecards.bat
#182 opened 8 months ago by MarkLee131
13
Owasp benchmark version in 2018
#192 opened 8 months ago by kelvimSaidel
5
Assistance Needed with OWASP Benchmark Project for Master's Thesis
#201 opened 8 months ago by sammy2201
2
How to download the dataset
#215 opened 8 months ago by heewonB
2
Cannot generate scorecards from the provided results.xml file
#217 opened 10 months ago by MrHr6874
28
Sonatype URL change for Contrast Java Agent Downloads
#212 opened a year ago by nbuckwalt
6
Exception in thread "main" java.lang.ExceptionInInitializerError
#202 opened a year ago by sania232
4
Issue in SQL testcases including ExecuteBatch function
#209 opened a year ago by kishan-k2io
6
[Q&A] Is ‘file_read’ the desired type of vulnerability in BenchmarkTest00363
#204 opened a year ago by RTxin
2
Trying to create scorecard for Semgrep results but I get empty FluidAttacks scorecard
#199 opened a year ago by simonevallifuoco
4
/usr/bin/jq: Argument list too long
#187 opened 2 years ago by mahdirezaie336
8
deleted
#194 opened 2 years ago by spring-cs-2023
0
Send custom csv file in createScorecards.sh
#191 opened 2 years ago by giper45
8
mvn compile or mvn install - Failed to execute goal com.diffplug.spotless:spotless-maven-plugin.
#184 opened 2 years ago by ebolles
7
createScorecards.bat - Error resolving version for plugin 'org.owasp:benchmarkutils-maven-plugin' from the repositories
#183 opened 2 years ago by ebolles
2
BUILD FAILURE:Failed to execute goal com.diffplug.spotless:spotless-maven-plugin:2.22.1:apply (spotless-apply) on project benchmark: Execution spotless-apply of goal com.diffplug.spotless:spotless-maven-plugin:2.22.1:apply failed: Cannot find git repository in any parent directory
#179 opened 2 years ago by fatshi
4
BenchmarkTest00209 has an insecure hash vulnerability
#180 opened 2 years ago by Nizernizer
2
scripts/runHorusec.sh no longer works
#176 opened 3 years ago by davewichers
9
buildDockerImage script fails
#167 opened 3 years ago by arunmuthu255
3
Scorecard generation for Semgrep may be broken
#166 opened 3 years ago by JoshuaGregoryTR
1
SAXParseException generating Scorecard for SonarQube
#117 opened 4 years ago by akhvee
5
Question: Can Benchmark test tools from python code perspective?
#165 opened 3 years ago by ioanvapi
1
the score may not reflect the tools' performance
#131 opened 3 years ago by NEUZhangy
15
[DepShield] (CVSS 6.1) Vulnerability due to usage of org.owasp.antisamy:antisamy:1.6.3
#161 opened 3 years ago by sonatype-depshield
1
Offline maven compile/run NOT supported
#156 opened 3 years ago by glansbur
3
Adopt Standard Coding Format for Entire Project.
#142 opened 3 years ago by kamadorueda
8
Add a new iAST detection tool
#124 opened 3 years ago by 1229256875
1
[DepShield] (CVSS 7.4) Vulnerability due to usage of org.hibernate:hibernate-core:3.6.10.Final
#153 opened 3 years ago by sonatype-depshield
1
[DepShield] (CVSS 9.8) Vulnerability due to usage of log4j:log4j:1.2.17
#149 opened 3 years ago by sonatype-depshield
1
DepShield encountered errors while building your project
#141 opened 4 years ago by sonatype-depshield
1
unintended cookie attribute injections
#139 opened 4 years ago by maltek
4
Maven build fails inside Docker on Debian Host
#137 opened 4 years ago by alexpostolache
7
Update Contrast Config Params And Edit Instructions for Contrast
#128 opened 4 years ago by zirons1
2
Add CodeQL as a SAST tool to Benchmark
#132 opened 4 years ago by Niweera
1
Update Findbugs/spotbugs parser
#126 opened 4 years ago by BertSchoovaerts
5
Bug in XSS ajax tests?
#120 opened 4 years ago by iosebyte
5
Ask questions
#122 opened 4 years ago by Guodafeng-tl
5
请大佬解答一下对于benchmark项目，mvn命令怎么进行debug调试程序呢
#119 opened 4 years ago by Guodafeng-tl
4
Reader for VisualCodeGrepper
#113 opened 4 years ago by gitnachogo
5
[DepShield] (CVSS 7.3) Vulnerability due to usage of commons-beanutils:commons-beanutils:1.9.3
#100 opened 4 years ago by sonatype-depshield
2
DepShield encountered errors while building your project
#108 opened 4 years ago by sonatype-depshield
0
Expected results file extensions?
#104 opened 4 years ago by LuisVentuzelos
6