Skip to content
/ SecObserve Public

SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines.

maibornwolff.github.io/secobserve/

License

BSD-3-Clause license
93 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MaibornWolff/SecObserve

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2,089 Commits
.github/workflows
.github/workflows
 
 
backend
backend
 
 
docker
docker
 
 
docs
docs
 
 
end_to_end_tests
end_to_end_tests
 
 
frontend
frontend
 
 
keycloak/h2
keycloak/h2
 
 
sbom
sbom
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.semgrepignore
.semgrepignore
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
docker-compose-dev-keycloak.yml
docker-compose-dev-keycloak.yml
 
 
docker-compose-dev-mysql.yml
docker-compose-dev-mysql.yml
 
 
docker-compose-dev.yml
docker-compose-dev.yml
 
 
docker-compose-playwright.yml
docker-compose-playwright.yml
 
 
docker-compose-prod-mysql.yml
docker-compose-prod-mysql.yml
 
 
docker-compose-prod-postgres.yml
docker-compose-prod-postgres.yml
 
 
docker-compose-prod-test.yml
docker-compose-prod-test.yml
 
 
docker-compose-unittests.yml
docker-compose-unittests.yml
 
 
docker-compose.yml
docker-compose.yml
 
 
mkdocs.yml
mkdocs.yml
 
 
mkdocs_requirements.txt
mkdocs_requirements.txt
 
 
renovate.json
renovate.json
 
 
so_configuration_code.yml
so_configuration_code.yml
 
 
so_configuration_endpoints.yml
so_configuration_endpoints.yml
 
 
so_configuration_sca_current.yml
so_configuration_sca_current.yml
 
 
so_configuration_sca_dev.yml
so_configuration_sca_dev.yml
 
 

Repository files navigation

SecObserve

SecObserve

OpenSSF Best Practices OpenSSF Scorecard

SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines. Results about potential security flaws from various vulnerability scanning tools are made available for assessment and reporting.

Dashboard

Overview

The aim of SecObserve is to make vulnerability scanning and vulnerability management as easy as possible for software development projects using open source tools. It consists of 2 major components:

  • Vulnerability and license management system SecObserve: SecObserve provides the development team with an overview of the results of all vulnerability and license scans for their project, which can be easily filtered and sorted. In the detailed view, the results are displayed uniformly with a wealth of information, regardless of which vulnerability scanner generated them.

    With the help of automatically executed rules and manual assessments, the vulnerability results can be efficiently evaluated to eliminate irrelevant results and accept risks. This allows the development team to concentrate on fixing the relevant vulnerabilities.

  • GitLab CI templates and GitHub actions: Integrating vulnerability scanners into a CI/CD pipeline can be tedious. Each tool has to be installed differently and is called with different parameters. To avoid having to solve this task all over again, there are repositories with GitLab CI Templates and GitHub Actions. These make the process of integrating vulnerability scanners very simple by providing uniform methods for launching the tools and uniform parameters. The tools are regularly updated in the repositories so that the latest features and bug fixes are always available.

    All templates run the scanner, upload the results into SecObserve and make the results of the scans available for download as artefacts in JSON format.

    The sources of the GitHub actions and GitLab CI templates can be found in https://github.com/MaibornWolff/secobserve_actions_templates.

Overview

Integrations

Overview

Documentation

The full documentation how to install and use Secobserve can be found here: https://maibornwolff.github.io/SecObserve/

Code of Conduct

Please note that this project is released with a Code of Conduct. By participating in this project you agree to abide by its terms.

Contributing

Please see the Contributing Guidelines for more information on how to get involved in the project.

License

SecObserve is licensed under the 3-Clause BSD License

About

SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines.

maibornwolff.github.io/SecObserve/

Topics

security-automation security-tools devsecops shiftleft

Resources

Readme

License

BSD-3-Clause license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

93 stars

Watchers

5 watching

Forks

7 forks
Report repository

Releases 41

1.21.0 Latest
Oct 30, 2024
+ 40 releases

Contributors 5

Languages