Pinned Repositories
veracode-collections-report
Produces a PDF report summarizing the security state of a Collection in the Veracode Platform.
veracode-collections-sbom
Generate a CycloneDX SBOM across multiple applications that are part of a Veracode Collection.
veracode-community-projects
Unofficial list of interesting projects that build on the Veracode APIs.
veracode-mitigation-copier
Copies mitigations from one Veracode profile to another when the flaw is the same, based on the following flaw attributes: issueid, cweid, type, sourcefile, and line. The script copies all proposed and accepted mitigations for the flaw, and skips a flaw in the copy_to build if it already has an accepted mitigation.
veracode-mitigation-rejector
Identifies and optionally rejects self-approved mitigations on policy-violating findings.
veracode-pipeline-mitigation
Retrieves findings with APPROVED mitigations from an application's policy scan (or sandbox) and creates a baseline file for Pipeline Scan. Mitigations in a "proposed" state will not be retrieved.
veracode-pipeline-script-template
Creates a Pipeline Scan command line based on application and policy settings from Veracode.
veracode-policy-examples
A collection of example application security "policies as code" that can be added to your Veracode organization account using the process below.
veracode-user-bulk-role-assign
Uses the Veracode Identity API to add roles (Security Labs User, Greenlight IDE User, or eLearning) to existing users.
veracode-api-py
Python helper library for working with the Veracode APIs. Handles retries, pagination, and other features of the modern Veracode REST APIs.
tjarrettveracode's Repositories
tjarrettveracode/veracode-scan-counts
Identify Veracode application profiles with one or more static scans in an incomplete state.
tjarrettveracode/veracode-app-profiles-export
Export a list of applications and all the profile properties to CSV.
tjarrettveracode/veracode-policy-examples
A collection of example application security "policies as code" that can be added to your Veracode organization account using the process below.
tjarrettveracode/veracode-pipeline-script-template
Creates a Pipeline Scan command line based on application and policy settings from Veracode.
tjarrettveracode/awesome-sca
A comprehensive list of software composition analysis tools.
tjarrettveracode/Benchmark
OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.
tjarrettveracode/bunny
A template like JSP&GSP
tjarrettveracode/click2cat
Chrome extension for Click2Cat
tjarrettveracode/cloudgoat
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
tjarrettveracode/DVNA
Damn Vulnerable Node Application
tjarrettveracode/dvws-node
Damn Vulnerable Web Service is a vulnerable web service/API/application that can be used to learn webservices/API vulnerabilities.
tjarrettveracode/electionguard-python
This repository is a "reference implementation" of ElectionGuard written in Python. This implementation can be used to conduct End-to-End Verifiable Elections as well as privacy-enhanced risk-limiting audits.
tjarrettveracode/fprime
F' - A flight software and embedded systems framework
tjarrettveracode/grails-javamelody-sample-app
Grails sample application using the Javamelody 1.44 plugin to illustrate the CVE-2013-4378 vulnerability.
tjarrettveracode/NodeGoat
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
tjarrettveracode/play-webgoat
A vulnerable Play application for attackers.
tjarrettveracode/PrivateBin
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES.
tjarrettveracode/Serverless-Goat
OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws
tjarrettveracode/veracode-ci
tjarrettveracode/veracode-cli-shortcuts
Collection of handy CLI shortcuts for Veracode APIs
tjarrettveracode/veracode-dyn-hello-world
Simple script that demonstrates how to use veracode-api-py to create a Dynamic Analysis based on simple input.
tjarrettveracode/Veracode-manual-for-GitHub
tjarrettveracode/veracode-offboard
Deactivates a provided list of users on the Veracode Platform.
tjarrettveracode/veracode-onboard-app
Onboarding tool that provisions a new team, API User, application profile, and SCA Agent workspace in Veracode so that a team can get working quickly.
tjarrettveracode/veracode-sca-license-report
Get a CSV report of the licenses for the libraries in your Veracode SCA Agent workspace.
tjarrettveracode/veracode-static-bom
Get a quick list of modules with findings identified by a Veracode static scan.
tjarrettveracode/veracode-to-csv
Outputs one CSV file per scan per application profile visible in a Veracode platform account.
tjarrettveracode/veracode-workspace-auto-create
Uses the Veracode Agent Based Scan API and other Veracode REST APIs to automatically create a workspace for application profiles in a Veracode organization.
tjarrettveracode/VulnerableApp
OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
tjarrettveracode/www-community
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.