This repository has been archived by the owner on Jun 13, 2019. It is now read-only.

groupon/codeburner

Codeburner

One static analysis tool to rule them all.

What's new?

Version 1.2

  • Added support for Snyk
  • GitHub OAuth
  • Settings GUI w/ admin-only access control
  • Redesigned burn submission process that searches repositories via the GitHub API
  • Lots of UI tweaks/improvements

What is Codeburner?

Codeburner is a tool to help security (and dev!) teams manage the chaos of static code analysis. Sure, you can fire off a bunch of scripts at the end of every CI build... but what do you actually DO with all those results?

Codeburner uses the OWASP Glue project to run multiple open source and commercial static analysis tools against your code, and provides a unified (and we think rather attractive) interface to sort and act on the issues it finds.

Key Features

  • Asynchronous scanning (via Sidekiq) that scales
  • Advanced false positive filtering
  • Publish issues via GitHub or JIRA
  • Track statistics and graph security trends in your applications
  • Integrates with a variety of open source and commercial scanning tools
  • Full REST API for extension and integration with other tools, CI processes, etc.

Supported Tools

** commercial license required

Documentation

You can find full documentation for Codeburner at http://groupon.github.io/codeburner

Quick Start

See our Quick Start Guide if you want to try out Codeburner as quickly as possible using Docker Compose.

Installation

See our Installation Guide for complete manual install instructions.

User Guide

The User Guide will give you an overview of how to use Codeburner once you have things up and running.

Get Involved!

If you'd like to contribute, fork us on GitHub and check out the Developer Guide.