CandyShop is a DevSecOps project for cybersecurity professionals to access the most popular vulnerability scanning tool results to compare and understand the capabilities.
Test Beds: OWASP JuiceShop, Broken Crystals, Altoro Mutual and Vulnerable Flask App
Scanning Tools: semgrep, CodeQL, nodejsscan, Nuclei, OWASP ZAP, Dependabot, Dependency Check, Trivy and Grype
:quality(100))
We've used 20+ built-in open-source vulnerability scanners in Kondukto to detect;
:quality(50))
:quality(50))
You will have full access to vulnerability details to benchmark the performance of different scanners.
You can add comments, screenshots or additional information to help triage and even send false positive requests that will be approved by the platform's admin.
You can help with triaging security issues and we can get accuracy/coverage-related metrics for each tool.
This way you can also compare the performance of your commercial tools against open-source scanners to validate the added value.
:quality(50))
:quality(50))
We've used the most popular intentionally vulnerable applications to monitor open-source security scanner performances.
Credits:
