diff --git a/README.md b/README.md index 5f2eb68..bdd6a0c 100644 --- a/README.md +++ b/README.md @@ -29,10 +29,15 @@ - [References](#references) - [Alternatives/Additions](#alternativesadditions) - [Considered Strongest, but paid](#considered-strongest-but-paid) + - [others](#others) - [Free](#free) - [Other static analysis tools](#other-static-analysis-tools) - [Find out more](#find-out-more) - +- [Github actions interesting links](#github-actions-interesting-links) + - [Artifacts](#artifacts) + - [Expressions](#expressions) + - [Summaries](#summaries) + Proof of concept for a tomcat webapp boilerplate with automated testing and security checks. @@ -85,6 +90,7 @@ Vulnerability assessment actions: - can be customized and improved. - OWASP ZAP (Zed Attack Proxy) - using the base full-scan option + - can use the API scan instead (, ) can be fed and openapi spec - can be customized and improved. Can be put in a custom action to get the full cli power and adding extensions/addons (like sarif report ) Reports that won't generate a sarif are uploaded to github pages or are made available with custom actions at [issues](https://github.com/gipo999/tomcat-webapp-boilerplate/issues) @@ -129,6 +135,8 @@ Requires commits to be made following the `commitizen` format - wapiti - others can be added with custom actions or adding to the nmap cli tool created +Please check [Alternative/Additions](#alternativesadditions) + ### Sarif Reports Sarif reports can be uploaded to github with the `upload-sarif` action. @@ -174,6 +182,26 @@ After a succesful release, the docker image is uploaded to dockerhub and github - purpleteam +#### others + +- astra + +- apiscan + +- pentest tools + +- portswigger + + + + + + + + + + + #### Free - nuclei
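Review bot: In the table-of-contents hunk (@@ -29,10 +29,15 @@), the new entries "Github actions interesting links", "Artifacts", "Expressions" and "Summaries" point at anchors that no hunk visible in this patch creates; the only heading added anywhere in it is "#### others". Add the matching sections in the same change, or hold these entries back until they exist, so the links do not dangle. The new "others" entry is also lowercase while its sibling "Free" is capitalized.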
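Review bot: In the OWASP ZAP hunk (@@ -85,6 +90,7 @@), the added bullet has an empty parenthetical "(, )" where two references seem to be intended, and "can be fed and openapi spec" should read "can be fed an OpenAPI spec". Fill in the link targets or drop the parentheses. Also state whether the API scan replaces or complements the full scan, because the unchanged bullet just above still says "using the base full-scan option".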
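Review bot: In the @@ -129,6 +135,8 @@ hunk, the link text "Alternative/Additions" does not match the name used in the table of contents, "Alternatives/Additions" (the anchor itself is correct). The sentence also does not say what the reader should look there for; wording such as "For other tools, see [Alternatives/Additions](#alternativesadditions)" would tie it to the list it follows.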
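Review bot: In the @@ -174,6 +182,26 @@ hunk, the new "#### others" section lists "astra", "apiscan", "pentest tools" and "portswigger" as bare names, and two of them ("apiscan", "pentest tools") are generic enough that a reader cannot tell which product is meant. Add a link or a one-line description per item. The section is followed by a long run of empty added lines before "#### Free"; collapse these to a single blank line. The heading should be capitalized to match "#### Free".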