Skip to main content

Introducing SAST Scanning With secureCodeBox 3.3

· 12 min read
Max Maass
Core Developer

A magnifying glass pointed at a laptop keyboard

Cover photo by Agence Olloweb on Unsplash.

With secureCodeBox 3.3, we have added several features that allow you to use secureCodeBox for static application security testing (SAST). This blog post gives an introduction to how several new features of secureCodeBox 3.3 can be used to quickly run targeted SAST scans of your entire codebase. By the end of this post, you will know how to build a SAST workflow to detect which of your repositories include a malicious dependency. We will cover all steps of the process: obtaining a list of all software repositories in your organization, cloning and scanning them, and even dropping all of the results into a DefectDojo instance for later inspection.

Why secureCodeBox Version 2

· 8 min read
Sven Strittmatter
Core Developer


Cover photo by Evan Dennis on Unsplash.

In this article I will give you a deeper insight why we decided to make a major breaking rewrite of the secureCodeBox. First I'll give you an overview of the v1 architecture and the rationale behind. Also outline the problems we stumbled upon using secureCodeBox v1 for some years now. Afterwards I introduce you to the new secureCodeBox v2 architecture and the rationale behind.

What's Going On

· 5 min read
Sven Strittmatter
Core Developer


Photo by Javier Allegue Barros on Unsplash.

Maybe you're wondering what's going on with my beloved secureCodeBox. If you look at the GitHub insights for the main repo, you'll see: Not that much is going on:

Commits in the last months

So is secureCodeProject dead? Of course not! But we gained a lot of experiences using secureCodeBox and went through some changes in the last couple of months. In this blog post, I'll give you a brief outline of all these changes and what we aim to do in the near future.