Sonar

Sonar's repositories

argument-injection-vectors

A curated list of argument injection vectors

Language:HTMLGPL-3.03400

public-git-sync

Private to public Git repository synchronization

Language:ShellLGPL-3.0400

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST), Dynamic (DAST), and Runtime (IAST) tools that support Java. The idea is that since it is fully runnable and all the vulnerabilities are actually exploitable, it’s a fair test for any kind of vulnerability detection tool. For more details on this project, please see the OWASP Benchmark Project home page.

Language:JavaGPL-2.03 90

buildTools

DEPRECATED

Language:PythonLGPL-3.03 160

Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Language:JavaScriptMIT2 10

goof

Super vulnerable todo list application

Language:JavaScriptApache-2.02 20

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Language:TypeScriptMIT2 20

official-images

Primary source of truth for the Docker "Official Images" program

Language:ShellApache-2.02 20

skf-labs

Repo for all the OWASP-SKF Docker lab examples

Language:PythonApache-2.02 20

slang-test-sources

2 190

sonar-benchmarks-scores

share ground truths of popular SAST Benchmarks and how Sonar scores on them

LGPL-3.02 110

sonarcloud_example_typescript-sqscanner-travis

TypeScript project analyzed on SonarCloud using Travis

Language:TypeScriptLGPL-3.02 200

WebGoat

WebGoat 8.0

Language:JavaScriptNOASSERTION200

CaYC-research

Clean as You Code research

LGPL-3.0100

css-test-sources

Used for https://github.com/SonarSource/sonar-css ruling

Language:CSS1 170

DSVW

Damn Small Vulnerable Web

Unlicense100

dvna

Damn Vulnerable NodeJS Application

Language:CSSMIT1 20

DVWA

Damn Vulnerable Web Application (DVWA)

Language:PHPGPL-3.01 70

gh-action_dogfood_merge

Language:ShellLGPL-3.01 190

gh-action_nightly_build

Language:ShellLGPL-3.01 50

gh-action_public_git_sync

Language:ShellLGPL-3.01 200

NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

Language:HTMLApache-2.01 20

re-vault-plugins

Building plugins for HashiCorp Vault

LGPL-3.01 140

SecurityShepherd

Web and mobile application security training platform

Language:JavaGPL-3.01 10

vulnerable-node

A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools

Language:JavaScriptNOASSERTION1 20

WebGoat.Net-benchmark

OWASP WebGoat.NET

Language:C#1 10

xvwa

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.

Language:PHPGPL-3.01 10

juliet-test-suite

:microscope: A collection of test cases in the Java language. It contains examples for 112 different CWEs.

Language:Java000