Skip to main content

Automated Security Testing Tool

secureCodeBox is an OWASP project providing an automated and scalable open source solution that integrates multiple security scanners with a simple and lightweight interface – for continuous and automated security testing.

Get Started

Identify Vulnerabilities in your Network and Applications

Use the power of leading open source security testing tools with the first of its kind open source multi-scanner platform to run routine scans continuously and automatically on your network infrastructure or applications.

Powerful Scanning Tools

Combines more than 15 different Scanners to provide a comprehensive overview of threats and vulnerabilities affecting your network and applications.

SDLC

Easily integrate the secureCodeBox into your CI/CD pipeline or Kubernetes environment with automated feedbacks.

Multi-Layer Testing

Allowing security tests on different layers – from deep dive Scans of single Applications to large-scale scanning of complete it landscapes.

Easy Monitoring

Easily monitor each scanner's results through pre-designed or customised dashboards, use a tool integration such as. DefectDojo or integrate persistence tool of your choice.

Security Use Cases

Flexible configuration options make it possible to apply the secureCodeBox to a wide range of use cases, addressing security professionals as well as DevOps Teams. Discover the possibilities:

Your Go-to Solution for easy Security Scanning

secureCodeBox offers a well-documented and beginner-friendly introduction to the world of DevSecOps:
  • It's a quick and straight forward installation. It works on every system and is ready to use from start.
  • You can start scans without any configuration right away and use best practice tests. But each scanner also provides extensive configuration options.
  • Our architecture is designed for open flexibility and free adjustments. New tools can be integrated fairly simple and you can design your own scan and monitor process.
  • Separately configurable for multiple teams, systems or clusters.

Multi Scanner Security Platform

Combining more than 15 leading Open-Source Scanning Tools secureCodeBox covers a broad spectrum of possible threats and vulnerabilities for your network and applications; ranging from Kubernetes vulnerabilities, over SSL misconfigurations, to network authentication bruteforcing and many more:

Scanners

Amass

Amass (Network)

Subdomain Enumeration Scanner

CMSeeK

CMSeeK (CMS)

Automation of the process of detecting the Joomla CMS and its core vulnerabilities

doggo

doggo (Network)

DNS client (like dig)

ffuf

ffuf (Webserver)

Webserver and WebApplication Elements and Content Discovery

Git Repo Scanner

Git Repo Scanner (Repository)

Discover Git repositories

Gitleaks

Gitleaks (Repository)

Find potential secrets in repositories

Kube Hunter

Kube Hunter (Kubernetes)

Kubernetes Vulnerability Scanner

Kubeaudit

Kubeaudit (Kubernetes)

Kubernetes Configuration Scanner

Ncrack

Ncrack (Authentication)

Network authentication bruteforcing

Nikto

Nikto (Webserver)

Webserver Vulnerability Scanner

Nmap

Nmap (Network)

Network discovery and security auditing

Nuclei

Nuclei (Website)

Nuclei is a fast, template based vulnerability scanner.

Screenshooter

Screenshooter (WebApplication)

Takes Screenshots of websites

Semgrep

Semgrep (Repository)

Static Code Analysis

SSH-audit

SSH-audit (SSH)

SSH Configuration and Policy Scanner

SSH

SSH (SSH)

SSH Configuration and Policy Scanner

SSLyze

SSLyze (SSL)

SSL/TLS Configuration Scanner

Trivy SBOM

Trivy SBOM (Container)

Container Dependency Scanner

Trivy

Trivy (Container)

Container Vulnerability Scanner

Typo3Scan

Typo3Scan (CMS)

Automation of the process of detecting the Typo3 CMS and its installed extensions

Whatweb

Whatweb (Network)

Website identification

WPScan

WPScan (CMS)

Wordpress Vulnerability Scanner

ZAP Advanced

ZAP Advanced (WebApplication)

WebApp & OpenAPI Vulnerability Scanner extend with authentication features

ZAP

ZAP (WebApplication)

WebApp & OpenAPI Vulnerability Scanner

Hooks

Azure Monitor

Azure Monitor (persistenceProvider)

Publishes all Scan Findings to Azure Monitor.

Cascading Scans

Cascading Scans (processing)

Cascading Scans based declarative Rules.

DefectDojo

DefectDojo (persistenceProvider)

Publishes all Scan Reports to OWASP DefectDojo.

Dependency-Track

Dependency-Track (persistenceProvider)

Publishes all CycloneDX SBOMs to Dependency-Track.

Elasticsearch

Elasticsearch (persistenceProvider)

Publishes all Scan Findings to Elasticsearch.

Finding Post Processing

Finding Post Processing (dataProcessing)

Updates fields for findings meeting specified conditions.

Generic WebHook

Generic WebHook (integration)

Publishes Scan Findings as WebHook.

Notification WebHook

Notification WebHook (integration)

Publishes Scan Summary to MS Teams, Slack and others.

Static Report

Static Report (persistenceProvider)

Publishes all Scan Findings as HTML Report.

Update Field

Update Field (dataProcessing)

Updates fields in finding results.

About us

secureCodeBox is an Open-Source project in cooperation with OWASP and with friendly support from iteratec.

OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Do you have questions or feedback about secureCodeBox?

Get in contact and let us know:
Get in contact
Role image

Robert Felber

Inventor
Role image

Sven Strittmatter

Core Team
Role image

Jannik Hollenbach

Core Team

Sponsors