Security Scan Tools

konrad.sopala · May 29, 2023, 12:27pm

Problem statement

Is there any security scans report available like Fortify scan, Sonar scan, Blackduck etc. for the Deploy CLI and Management Client npm packages? Our security team is looking for security assessment

Solution

We don’t have publicly shareable reports however, we use the following tools for security analysis as of today

Dynamic Application Security Tools:
Detectify: Web application Scanning
StackHawk: API scanning

Static Application Security Tools:
SemGrep: Code scanning
Snyk: SCA(Software Composition Analysis) scanning for dependencies and containers

Infrastructure Security Tools:
InsightVM"

Topic		Replies	Views
Is an API for attack protection/bot detection available? Help bot-detection , attack-protection	3	1981	September 27, 2022
Security Confidence with the Readiness Check Tool Blog Discussions	1	348	January 10, 2024
Auth0 and Splunk Provide Enhanced Security and Operational Monitoring and Insights Blog Discussions	3	3090	March 7, 2022
Important - Auth0 Public Disclosure Announcements announcements	3	9248	August 27, 2019
Security Review Question Help security-question-concern , security-compliance	1	745	August 31, 2023

Security Scan Tools

Problem statement

Solution

Related topics