
submitted by
Style Pass
2024-10-28 06:00:04

Eclipse Steady supports software development organizations with regard to the secure use of open-source components during application development. The tool analyzes Java applications in order to:

As such, it addresses the OWASP Top 10 security risk A6, Vulnerable and Outdated Components, which is often the root cause of data breaches: snyk.io/blog/owasp-top-10-breaches

Compared with other tools, the detection is code-centric and usage-based, which allows for more accurate detection and assessment than tools relying on metadata. Steady is a collection of client-side scan tools, microservices and rich OpenUI5 web frontends.

As a consequence, we recommend Steady primarily for organizations that can afford (a) hosting Steady on their internal cloud and (b) dedicating resources to contribute to the vulnerability information in Project KB.

The Steady backend, a Docker Compose application, stores information about open-source vulnerabilities and scan results. It has to be installed once, ideally on a dedicated host, and must be running during application scans.
