Eclipse Steady

Discover, assess and mitigate known vulnerabilities

Steady supports software development organizations in the secure use of open-source components during application development.

As such, Steady addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches.

Steady analyzes Java and Python applications in order to:

  • detect whether they depend on open-source components with known vulnerabilities,
  • collect evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and
  • support developers in the mitigation of such dependencies.

In comparison to other tools, the detection is code-centric and usage-based, which allows for more accurate detection and assessment than tools relying on meta-data.

Running Steady in your organization requires operating several Docker containers that serve as a backend for client-side scanners, e.g., plugins for Maven and Gradle. The latter are commonly invoked at development or build time, e.g., on developer workstations or in CI/CD pipelines.

Licenses: 
Apache License, Version 2.0
Latest Releases: 

From January 20th, 2021 to January 20th, 2021

Name    Date          Review
3.2     2021-01-20
Contributors: 
Henrik Plate
Serena Ponta
Antonino Sabetta
Alessandro Pezze'
Cedric DANGREMONT
Hoang Quoc Trung
Sumeet Patil
Incubating - Eclipse Steady

Related Projects:

  • Eclipse Technology
    • Eclipse SW360
  • Eclipse SW360
    • Eclipse SW360antenna

Project Hierarchy:

  • Eclipse Technology
  • Eclipse Steady

Tags

Technology Types
  • Testing
  • Tools
Build Technologies
  • Maven
