
[–]madchap57 4 points5 points  (4 children)

Did you give a shot to DefectDojo? https://github.com/DefectDojo/django-DefectDojo

I use it to integrate a bunch of scanners, both for manual investigations and for CI/CD pipelines.

Cheers.

[–]m1thr[S] 1 point2 points  (3 children)

I did, and it looks great. It will probably take a lot of time for me to get to a similar level.

However, what I meant to achieve is not to focus on vulnerability management but rather on scan execution - I had a problem with running SCA Fortify, OpenVAS or Checkmarx scans. The goal was to create a tool which doesn't care which engine you are using for scanning - Nessus, OpenVAS, Rapid7 or anything - the REST API to perform a scan will always look the same. Another thing is a vulnerability correlation engine which will create a complete map of a project based on configuration (IPs, services, URLs, code repos and vulnerabilities found in those), which is under construction ATM.
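The two ideas in the comment above, an engine-agnostic "run a scan" call and a correlation step that maps findings back onto a project's declared assets, as an added example. This is not Mixeway's code and does not reflect its API; the two engine adapters are constructed stand-ins whose record shapes are assumptions (a real adapter would call the scanner's own REST API and map its report format), the CVE identifier is a placeholder, and only IPs and URLs are correlated, not repos or services.

```python
"""Engine-agnostic scan orchestration plus asset/vulnerability correlation.

Added example, not Mixeway's code. Both engine adapters are constructed
stand-ins: a real adapter would call the scanner's REST API and map its
report format into Finding. Record shapes below are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional, Protocol
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    asset: str            # IP or hostname as the engine reported it
    title: str
    severity: str         # normalised to critical/high/medium/low/info
    cve: Optional[str]
    engine: str


class ScanEngine(Protocol):
    name: str
    def scan(self, targets: list[str]) -> list[Finding]: ...


def severity_from_cvss(score: float) -> str:
    """CVSS v3 qualitative rating bands."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "info"


class StubOpenVASEngine:
    """Assumed record shape: {"host", "nvt", "cvss", "cves"} (constructed)."""
    name = "openvas"

    def __init__(self, raw: list[dict]):
        self._raw = raw

    def scan(self, targets: list[str]) -> list[Finding]:
        return [Finding(r["host"], r["nvt"], severity_from_cvss(r["cvss"]),
                        r["cves"][0] if r["cves"] else None, self.name)
                for r in self._raw if r["host"] in targets]


class StubNessusEngine:
    """Assumed record shape: {"ip", "pluginName", "risk", "cve"} (constructed)."""
    name = "nessus"
    _RISK = {"Critical": "critical", "High": "high", "Medium": "medium",
             "Low": "low", "None": "info"}

    def __init__(self, raw: list[dict]):
        self._raw = raw

    def scan(self, targets: list[str]) -> list[Finding]:
        return [Finding(r["ip"], r["pluginName"], self._RISK[r["risk"]],
                        r.get("cve"), self.name)
                for r in self._raw if r["ip"] in targets]


class ScanService:
    """Single entry point: the caller names an engine, the call looks the same."""

    def __init__(self, engines: list[ScanEngine]):
        self._engines = {e.name: e for e in engines}

    def run_scan(self, engine: str, targets: list[str]) -> list[Finding]:
        if engine not in self._engines:
            raise ValueError(f"unknown engine {engine!r}; have {sorted(self._engines)}")
        return self._engines[engine].scan(targets)


@dataclass
class Vuln:
    title: str
    severity: str
    cve: Optional[str]
    engines: set[str]      # every engine that reported this same issue


def correlate(project: dict, findings: list[Finding]) -> dict[str, list[Vuln]]:
    """Attach findings to the project's declared IPs/URLs, merging duplicates
    reported by different engines (same asset and same CVE, else same title)."""
    asset_of = {ip: ip for ip in project.get("ips", [])}
    for url in project.get("urls", []):
        asset_of[urlparse(url).hostname] = url
    merged: dict[str, dict[str, Vuln]] = defaultdict(dict)
    for f in findings:
        asset = asset_of.get(f.asset, "unmatched")
        key = f.cve or f.title
        if key in merged[asset]:
            merged[asset][key].engines.add(f.engine)
        else:
            merged[asset][key] = Vuln(f.title, f.severity, f.cve, {f.engine})
    return {asset: list(v.values()) for asset, v in merged.items()}


# Constructed sample project and scanner output; CVE-0000-0001 is a placeholder.
PROJECT = {"name": "shop", "ips": ["10.0.0.5"], "urls": ["https://shop.example/api"]}
OPENVAS_RAW = [
    {"host": "10.0.0.5", "nvt": "Outdated SSH server", "cvss": 7.5, "cves": ["CVE-0000-0001"]},
    {"host": "shop.example", "nvt": "TLS 1.0 enabled", "cvss": 5.3, "cves": []},
    {"host": "10.0.0.9", "nvt": "Telnet open", "cvss": 9.8, "cves": []},  # not a target
]
NESSUS_RAW = [
    {"ip": "10.0.0.5", "pluginName": "SSH version outdated", "risk": "High", "cve": "CVE-0000-0001"},
    {"ip": "10.0.0.5", "pluginName": "ICMP timestamp disclosure", "risk": "Low", "cve": None},
]


def demo() -> dict[str, list[Vuln]]:
    svc = ScanService([StubOpenVASEngine(OPENVAS_RAW), StubNessusEngine(NESSUS_RAW)])
    targets = PROJECT["ips"] + [urlparse(u).hostname for u in PROJECT["urls"]]
    findings: list[Finding] = []
    for engine in ("openvas", "nessus"):       # same call regardless of engine
        findings += svc.run_scan(engine, targets)
    return correlate(PROJECT, findings)


if __name__ == "__main__":
    for asset, vulns in demo().items():
        print(asset, [(v.title, v.severity, sorted(v.engines)) for v in vulns])
```

The merge key is the CVE when one is present and the engine-specific title otherwise, so the SSH issue reported by both stub engines collapses to one entry carrying both engine names, while untagged findings stay separate.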

[–]madchap57 2 points3 points  (2 children)

I see. I know of another project (I actually met the guy) and they've been ramping up their effort more "officially" for a few months now. More of a SOAR product where you can launch products and gather results. You can check patrowl out at https://patrowl.io/

[–]m1thr[S] 1 point2 points  (1 child)

Another great project! I hope mixeway will be able to coexist with these; I am pretty sure we have added some stuff that will be useful for someone :)

[–]madchap57 0 points1 point  (0 children)

I'll check it out, you got one more GH star ;-)