Tools

Credential scanning

• https://github.com/deepfence/SecretScanner

Software Bill of Materials

• https://www.veracode.com/blog/managing-appsec/how-generate-sbom-veracode-sca
• https://github.com/microsoft/sbom-tool

Static Application Security Testing

• https://www.veracode.com/products/binary-static-analysis-sast
• https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html
• https://docs.gitlab.com/ee/user/application_security/sast/

Software Composition Analysis

• https://www.veracode.com/products/software-composition-analysis
• https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html
• https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
• https://docs.github.com/en/code-security/dependabot/working-with-dependabot

Dynamic Application Security Testing

• https://www.veracode.com/products/dynamic-analysis-dast
• https://www.synopsys.com/software-integrity/security-testing/dast.html
• https://docs.gitlab.com/ee/user/application_security/dast/
• https://portswigger.net/burp/application-security-testing/dast