Eclipse Steady

Discover, assess and mitigate known vulnerabilities

Steady supports software development organizations in the secure use of open-source components during application development.

As such, Steady addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches.

Steady analyzes Java and Python applications in order to:

  • detect whether they depend on open-source components with known vulnerabilities,
  • collect evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and
  • support developers in the mitigation of such dependencies.

In comparison to other tools, the detection is code-centric and usage-based, which allows for more accurate detection and assessment than tools relying on meta-data.

Running Steady in your organization requires the operation of several Docker containers that serve as a backend for client-side scanners, e.g., plugins for Maven and Gradle. The latter are commonly invoked at development or build time, e.g., on developer workstations or in CI/CD pipelines.

Licenses: 
Apache License, Version 2.0

The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.

Latest Releases: 

From June 30th, 2021 to June 30th, 2021

Name    Date          Review
3.2     2021-06-30
    Incubating - Eclipse Steady

    Related Projects:

    • Eclipse Technology
      • Eclipse SW360
    • Eclipse SW360
      • Eclipse SW360antenna

    Tags

    Technology Types
    • Testing
    • Tools
    Build Technologies
    • Maven
