Tool to convert SCARF files to SARIF files
Library to write SARIF files from Perl
The Java-assess framework enables assessments of Java software packages in the SWAMP. It has build monitoring capabilities to monitor builds that use the following build systems: Apache Ant, Apache Maven, and Apache Gradle. It also enables the analysis of Java bytecode packages and Java packages that do not use any build system in the SWAMP.
The Ruby-assess framework enables assessments of Ruby software packages in the SWAMP. It helps to analyze Ruby source packages that use the following build systems: bundler+rake, bundler+other, rake, and other. It can also analyze Ruby gems.
database and database upgrade paths
SWAMP web server
web front end code
Java and Perl code for assessments
The C-assess framework enables assessments of C/C++ software packages in the SWAMP. It has build monitoring capabilities to monitor builds that use Make, CMake, or any other build system, and it runs the software assurance tools with the exact files and options used during the build step.
The Java CLI is a Java library and a command line interface that provides many common operations to a SWAMP instance: get a list of projects, packages (versions), assessments, tools, & platforms. Users can also create/upload packages (versions), configure/start an assessment, check the status of an assessment, & download SCARF results.
This plug-in allows Java and C/C++ Eclipse users to perform static code assessments in the SWAMP and to view the results within the Eclipse Integrated Development Environment. The plug-in can also be found in the Eclipse Marketplace as SWAMP Eclipse Plug-in.
Script to compare SCARF files and display differences.
The SWAMP Result Parser is a program that converts results for all the tools supported in the SWAMP from their native tool output to the SWAMP Common Assessment Result Format (SCARF).
SWAMP Java API
This script is a Git and Subversion hook. Any commit or push of a new version will upload that version of the code to the SWAMP. Results are viewable from the SWAMP website.
This plug-in allows projects using Jenkins to perform static code assessments in the SWAMP as part of a build. Trend data and results are viewable directly in Jenkins. The plug-in can be found in the Jenkins Plugins Index or on GitHub.
SWAMP runs software assurance tools & converts the results of each tool into a common format called SCARF (SWAMP Common Assessment Result Format). The scarf-io repository contains a set of libraries that allows a client to read & write SCARF data from programs written in Perl, Python, C, C++, & Java (read-only). SCARF is an XML-based file format.
Scripts and utilities maintained by and for the security team.
Script to assist developers with creating an archive of their source code that is useful with the SWAMP from an active development directory.
The SWAMP runs software assurance tools and converts the results of each tool into a common format called SCARF (SWAMP Common Assessment Result Format). The scarf-db program uploads SCARF results into a NoSQL database (MongoDB) or SQL databases (PostgreSQL, MySQL, MariaDB, or SQLite3).
Summary data of assessments run on SWAMP curated packages
Using the SWAMP API with curl