## OWAP - Free for OpenSource App Security Tools - SAST Tools (Static Application Security Testing) - | Name | License | 已檢查 | | --------------------- | ------- | ----- | | LGTM.com | Free for open source（Free for Public repo） | <input type="checkbox"> | | HCL AppScan CodeSweep | Free for 30 days | <input type="checkbox"> | |https://github.com/ShiftLeftSecurity/sast-scan |GPL 3.0 |<input type="checkbox"> | |gitlab sast|Available in GitLab Free self-managed |<input type="checkbox">| - DAST Tools (Dynamic Application Security Testing) - | Name | License | Checked | | ------------------------ | ------- | ------- | | OWASP ZAP |Apache License 2.0 \ Commercial use | <input type="checkbox"> | | Arachni | 商用限制在於再發佈這點上，內部使用不用 | <input type="checkbox"> | | OWASP purpleteam | AGPL 3.0 | <input type="checkbox"> | |https://github.com/banzaicloud/dast-operator|Apache License 2.0 \ Commercial use|<input type="checkbox">| - Open Source Software (OSS) Security Tools - Keeping Your Libraries Updated | Name | License | Checked | | ---------- | ------- | ----------------------- | | Dependabot | This license lets you use and share this software for free,with a trial-length time limit on commercial use. | <input type="checkbox"> | - Detecting Known Vulnerable Components | Name | License | Checked | | ---------------------- | ------- | ------- | | OWASP Dependency Track | Apache License 2.0 \ Commercial use | <input type="checkbox"> | | GitHub: Security alerts for vulnerable dependencies| |<input type="checkbox"> | |Debricked|free for open source |<input type="checkbox"> | - Code Quality Tools | Name | License | Checked | | -------- | -------- | -------- | | SonarQube| GPL 3(Community Edition) | <input type="checkbox"> |