Codeburner
What is Codeburner?
Codeburner is a tool that helps security (and development) teams manage the chaos of static code analysis. You can fire off a bunch of scanners at the end of every CI build, but what do you actually do with all of those results?
Codeburner uses the OWASP pipeline project to run multiple open-source and commercial static analysis tools against your code, and provides a unified (and, we think, rather attractive) interface to sort, triage and act on the issues they find.
Key Features
- Asynchronous scanning (via Sidekiq) that scales
- Advanced false-positive filtering
- Publish issues to GitHub or JIRA
- Track statistics and graph security trends in your applications
- Integrates with a variety of open-source and commercial scanning tools
- Full REST API for extension and integration with other tools, CI processes, etc.
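As an added example (not code from the Codeburner project or this page), here is a small Ruby script, in the project's own language, showing how a CI job could combine the REST API and the false-positive filtering above into a build gate. The `/api/burn` endpoint, the request fields, the finding fields (`severity`, `status`) and the status values `false_positive` and `hidden` are assumptions for illustration; the findings list is a constructed sample, not real scanner output. The gate ignores findings a triager has already marked as false positives or hidden and fails the build only on the remaining findings at or above a severity threshold.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Base URL of the Codeburner instance (assumption: a local install on port 3000).
CODEBURNER_URL = ENV.fetch('CODEBURNER_URL', 'http://localhost:3000')

# Triage states that should never fail a build. Codeburner filters false
# positives; these literal status names are an assumption for this example.
IGNORED_STATUSES = %w[false_positive hidden].freeze

# Severity ordering used by the gate (assumed scale for the constructed sample).
SEVERITY_RANK = { 'low' => 1, 'medium' => 2, 'high' => 3, 'critical' => 4 }.freeze

# Body for a hypothetical "start a burn" (scan) request. Field names are assumed.
def burn_request(repo_url:, revision:, service_name:)
  { repo_url: repo_url, revision: revision, service_name: service_name }
end

# Rank a finding's severity. An unrecognised label gets the highest rank so the
# gate fails closed and the finding is looked at rather than silently ignored.
def severity_rank(label)
  SEVERITY_RANK.fetch(label.to_s.downcase) { SEVERITY_RANK.values.max }
end

# Decide whether a build may proceed given an array of finding hashes.
# Returns [pass, blocking_findings].
def gate_findings(findings, min_severity: 'high')
  floor = SEVERITY_RANK.fetch(min_severity)
  blocking = findings
             .reject { |f| IGNORED_STATUSES.include?(f['status']) }
             .select { |f| severity_rank(f['severity']) >= floor }
  [blocking.empty?, blocking]
end

# POST the burn request to the (assumed) /api/burn endpoint. This is a network
# call and is only meant for running the script against a live instance.
def start_burn(base_url, payload)
  uri = URI.join(base_url, '/api/burn')
  req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
  req.body = JSON.generate(payload)
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
  JSON.parse(res.body)
end

# Constructed sample of what a findings listing might contain; not real scanner output.
SAMPLE_FINDINGS = JSON.parse(<<~SAMPLE)
  [
    {"id": 1, "scanner": "brakeman", "severity": "high", "status": "false_positive",
     "description": "Possible SQL injection", "file": "app/models/user.rb", "line": 42},
    {"id": 2, "scanner": "bundler-audit", "severity": "medium", "status": "open",
     "description": "Gem with a known advisory", "file": "Gemfile.lock", "line": 0},
    {"id": 3, "scanner": "brakeman", "severity": "low", "status": "published",
     "description": "Unescaped output in view", "file": "app/views/home.html.erb", "line": 7}
  ]
SAMPLE

if $PROGRAM_NAME == __FILE__
  # The request a CI job would send to start a scan (printed here, not sent).
  puts JSON.generate(burn_request(repo_url: 'https://github.com/example/app.git',
                                  revision: 'main', service_name: 'app'))

  # Gate on the constructed sample: the high finding was triaged as a false
  # positive, so only medium and low findings remain and the build passes.
  pass, blocking = gate_findings(SAMPLE_FINDINGS, min_severity: 'high')
  blocking.each do |f|
    warn "BLOCKING [#{f['severity']}] #{f['scanner']}: #{f['description']} (#{f['file']}:#{f['line']})"
  end
  puts(pass ? 'gate: pass' : 'gate: fail')
  exit 1 unless pass
end
```

Lowering `min_severity` to `medium` makes the open bundler-audit finding block the build, while the Brakeman SQL injection finding stays ignored because its triage decision lives in Codeburner rather than in the CI job. That is the practical point of filtering findings server-side: a triager marks a result as a false positive once, and every later build sees the same decision instead of re-deriving it from raw scanner output.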
Supported Tools
- Brakeman
- Bundler-Audit
- Checkmarx**
- Dawnscanner
- FindSecurityBugs
- NodeSecurityProject
- PMD
- Retire.js
- Snyk
** commercial license required