From 43eba66a31a126735ac9f6e1148a204c22620f01 Mon Sep 17 00:00:00 2001 From: Dawood Ikhlaq Date: Thu, 17 Oct 2024 16:08:27 +0200 Subject: [PATCH] Update README.md adds vulert in different section --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index e99fd4d..a3be99d 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ Curated list of security tools ## Mutliple Languages +- [Vulert](https://vulert.com/) 💰 - Vulert continuously monitors open-source dependencies for vulnerabilities, recommends fixes, and ensures license compliance—all without needing installation or codebase access. It supports all major programming languages. - [Synk](https://snyk.io/) 💰 - Automatically find, prioritize and fix vulnerabilities in your open source dependencies throughout your development process - [Aqua](https://www.aquasec.com/products/container-vulnerability-scanning/) 💰 - Aqua’s CyberCenter feed is updated daily, providing extensive OS and programming language coverage, application dependency detection, and reduction in false positives and false negatives based on proprietary algorithms reconciling multiple sources (NVD, vendor advisories, and Aqua research) - [Hawkeye](https://github.com/hawkeyesec/scanner-cli) - The Hawkeye scanner-cli is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks and your pipelines. 
@@ -71,6 +72,7 @@ Most of the above tools have plugins support. Below are the some of the plugins. # SCA +- [Vulert](https://vulert.com/) - Vulert continuously monitors open-source dependencies for vulnerabilities, recommends fixes, and ensures license compliance—all without needing installation or codebase access. It supports all major programming languages. - [OWASP Dependency Track](https://dependencytrack.org/) - Continuous Component Analysis Platform - [Nexus lifecycle](https://www.sonatype.com/nexus/lifecycle) - Take full control of your software supply chain with Nexus Lifecycle. Integrate precise and accurate component intelligence directly into the development tools. - [WhiteHat Sentinel SCA](https://www.whitehatsec.com/platform/software-composition-analysis/) - Analyzes applications for third parties and open source software to detect illegal, dangerous, or outdated code. Accelerate the time-to-market for your applications by safely and confidently utilizing open source code. @@ -175,6 +177,7 @@ Most of the above tools have plugins support. Below are the some of the plugins. # OSS License Scanner +- [Vulert](https://vulert.com) - Vulert continuously monitors open-source dependencies for vulnerabilities, recommends fixes, and ensures license compliance—all without needing installation or codebase access. It supports all major programming languages. - [License Finder](https://github.com/pivotal/LicenseFinder) - LicenseFinder works with your package managers to find dependencies, detect the licenses of the packages in them, compare those licenses against a user-defined list of permitted licenses, and give you an actionable exception report. - [Fossa](https://fossa.com/) 💰 - Get continuous compliance with code SCA featuring audit-grade reporting and comprehensive dependency inventory. - [WhiteSource](https://www.whitesourcesoftware.com/) 💰 - Detect and remediate open source security and compliance issues in real-time, without the headache 
@@ -189,6 +192,7 @@ Most of the above tools have plugins support. Below are the some of the plugins. # Container Scanner +- [Vulert](https://vulert.com) - Vulert continuously monitors docker images for vulnerabilities, recommends fixes —all without needing installation or codebase access. It supports all major programming languages. - [Trivy](https://github.com/aquasecurity/trivy) The most comprehensive and easy-to-use open source vulnerability scanner for container images - [Anchore inline-scan container](https://github.com/anchore/ci-tools) - Anchore container analysis and scan provided as inline scanner - [grype](https://github.com/anchore/grype) A vulnerability scanner for container images and filesystems
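Review bot: In the first hunk (`@@ -48,6 +48,7 @@`, Multiple Languages), the new Vulert line is placed at the top of the list, ahead of every existing entry, and its description is the same text that the later hunks paste into three other sections. Consider appending it after the existing entries instead, and trimming the description to what is relevant to this section. "all without needing installation or codebase access" does not tell a reader what input the service actually consumes, so naming that input would be more useful than the current wording.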
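Review bot: In the second hunk (`@@ -71,6 +72,7 @@`, SCA), the added Vulert entry has no 💰 marker, while the same tool is tagged 💰 in the Multiple Languages hunk of this patch. The marker should be consistent for one tool across sections, so either add 💰 here or drop it there. The entry is also inserted as the first item of the section, above OWASP Dependency Track, so please confirm that ordering is intended.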
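Review bot: In the third hunk (`@@ -175,6 +177,7 @@`, OSS License Scanner), the link is written `https://vulert.com` without the trailing slash used in the first two hunks (`https://vulert.com/`), and the 💰 marker is missing even though the neighbouring Fossa and WhiteSource entries carry it and Vulert is tagged 💰 earlier in this patch. The description also leads with vulnerability monitoring and mentions license compliance only in passing, so for this section it should lead with the license scanning capability.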
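Review bot: In the fourth hunk (`@@ -189,6 +192,7 @@`, Container Scanner), the added description carries copy-paste leftovers from the other sections: "recommends fixes —all without needing installation or codebase access" has a stray space before the dash, and "It supports all major programming languages" does not describe container image scanning. Suggest rewriting the line for this section (for example, stating which image sources or registries are supported), capitalising "Docker", and adding the 💰 marker and trailing-slash URL to match the Multiple Languages entry.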