Eclipse Steady

Discover, assess and mitigate known vulnerabilities

Steady supports software development organizations with the secure use of open-source components during application development.

As such, Steady addresses the OWASP Top 10 (2017) security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches.

Steady analyzes Java and Python applications in order to:

  • detect whether they depend on open-source components with known vulnerabilities,
  • collect evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and
  • support developers in the mitigation of such dependencies.

In comparison to other tools, the detection is code-centric and usage-based: Steady identifies the vulnerable code itself rather than relying only on artifact names and versions, and it assesses whether that code is reachable or actually executed in the application. This allows for more accurate detection and assessment than tools relying on meta-data alone.
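To make the difference between the two approaches concrete, the following added example (not Steady's code or data model; all coordinates, signatures, digests and the vulnerability identifier are constructed for illustration) contrasts a metadata-based check with a simplified code-centric, usage-based one. A vulnerability is described by the constructs its fix changed, each with a digest of the vulnerable and the fixed method body; an archive is flagged only if it contains a construct with the vulnerable digest, regardless of its coordinates. The assessment then records two kinds of evidence: static reachability from the application's entry points, and actual execution observed in a constructed trace.

```python
"""Metadata-based vs. code-centric, usage-based detection (constructed illustration).

This is an added example, not Steady's implementation or data model.
All names, coordinates, digests and the vulnerability id are hypothetical.
"""
from collections import deque

# Hypothetical vulnerability record: constructs touched by the fix commit,
# with a digest of the vulnerable and the fixed method body.
VULN = {
    "id": "EXAMPLE-0001",  # hypothetical identifier, not a real advisory
    "constructs": {
        "com.example.lib.Parser.parse(String)": {"vulnerable": "d1", "fixed": "d2"},
    },
}

# Metadata-based knowledge: the coordinates a feed lists as affected.
AFFECTED_COORDS = {("com.example", "lib", "1.2.0")}

# Constructed inventory of archives to assess: coordinates -> {signature: body digest}.
DEPENDENCIES = {
    ("com.example", "lib", "1.2.0"): {           # vulnerable release
        "com.example.lib.Parser.parse(String)": "d1",
        "com.example.lib.Parser.<init>()": "d7",
    },
    ("com.example", "lib", "1.2.1"): {           # fixed release: same signature, new body
        "com.example.lib.Parser.parse(String)": "d2",
        "com.example.lib.Parser.<init>()": "d7",
    },
    ("org.acme", "bundle-all", "4.0.0"): {       # re-bundled copy of the vulnerable class
        "com.example.lib.Parser.parse(String)": "d1",
        "org.acme.Util.helper()": "d9",
    },
}

# Constructed static call graph (caller -> callees) and application entry points.
# Simplification: edges are keyed by signature only, not by the archive that defines it.
CALL_GRAPH = {
    "com.example.app.Main.main(String[])": {"com.example.app.Service.handle(String)"},
    "com.example.app.Service.handle(String)": {
        "com.example.lib.Parser.parse(String)",
        "org.acme.Util.helper()",
    },
}
ENTRY_POINTS = {"com.example.app.Main.main(String[])"}

# Constructed dynamic trace: constructs observed executing during an instrumented test run.
TRACE = {
    "com.example.app.Main.main(String[])",
    "com.example.app.Service.handle(String)",
    "org.acme.Util.helper()",
}


def detect_by_metadata(dependencies, affected_coords):
    """Flag archives purely by coordinates; misses re-bundled or renamed copies."""
    return {coords for coords in dependencies if coords in affected_coords}


def vulnerable_constructs(constructs, vuln):
    """Signatures in one archive whose body digest matches the vulnerable version."""
    return {
        sig for sig, digests in vuln["constructs"].items()
        if constructs.get(sig) == digests["vulnerable"]
    }


def detect_by_code(dependencies, vuln):
    """Flag archives containing the vulnerable code itself, whatever their coordinates."""
    return {
        coords for coords, constructs in dependencies.items()
        if vulnerable_constructs(constructs, vuln)
    }


def reachable(call_graph, entry_points):
    """Breadth-first closure over the static call graph from the entry points."""
    seen = set(entry_points)
    queue = deque(entry_points)
    while queue:
        node = queue.popleft()
        for callee in call_graph.get(node, ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen


def assess(dependencies, vuln, call_graph, entry_points, trace):
    """Per flagged archive, collect evidence that the vulnerable code can or does run."""
    reach = reachable(call_graph, entry_points)
    report = {}
    for coords in detect_by_code(dependencies, vuln):
        sigs = vulnerable_constructs(dependencies[coords], vuln)
        report[coords] = {
            "vulnerable_constructs": sigs,
            "statically_reachable": bool(sigs & reach),   # evidence from static analysis
            "executed": bool(sigs & trace),               # evidence from dynamic analysis
        }
    return report


if __name__ == "__main__":
    print("metadata:", detect_by_metadata(DEPENDENCIES, AFFECTED_COORDS))
    print("code-centric:", detect_by_code(DEPENDENCIES, VULN))
    for coords, evidence in assess(DEPENDENCIES, VULN, CALL_GRAPH, ENTRY_POINTS, TRACE).items():
        print(coords, evidence)
```

In this constructed setting the metadata check flags only `com.example:lib:1.2.0`, while the code-centric check also flags the re-bundled `org.acme:bundle-all:4.0.0` and correctly clears the fixed `1.2.1` release whose method body differs. The usage assessment then shows the vulnerable method is statically reachable from `main` but was never executed by the test run, which is exactly the kind of evidence a developer needs when deciding how urgently to upgrade.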

Running Steady in your organization requires operating several Docker containers that serve as the backend for client-side scanners, e.g., plugins for Maven and Gradle. These scanners are commonly invoked at development or build time, e.g., on developer workstations or in CI/CD pipelines.

State: Incubating

Latest Releases
Name  Date        Review
3.2   2021-06-30
Licenses
Apache License, Version 2.0

The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.
