Discover, assess and mitigate known vulnerabilities
Steady supports software development organizations in regards to the secure use of open-source components during application development.
As such, Steady addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches.
Steady analyzes Java and Python applications in order to:
- detect whether they depend on open-source components with known vulnerabilities,
- collect evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and
- support developers in the mitigation of such dependencies.
In comparison to other tools, the detection is code-centric and usage-based, which allows for more accurate detection and assessment than tools relying on meta-data.
Running Steady in your organization requires the operation of several Docker containers that serve as a backend for client-side scanners, e.g., plugins for Maven and Gradle The latter are commonly invoked at development or build time, e.g., on developer workstations or in CI/CD pipelines.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.
From June 30th, 2021 to June 30th, 2021