Continuous Vulnerability Scanning with OWASP secureCodeBox (god2025)

The OWASP secureCodeBox project aims to provide a unified way to run and automate open-source scanning tools like nmap, nuclei, zap, ssh-audit, and sslyze to continuously scan the code and infrastructure of entire organizations. This allows setting up automated scans that will regularly scan internal networks and internet-facing systems for vulnerabilities. The SCB also allows defining rules to automatically start more in-depth scans based on previous findings, e.g., to start a specialized SSH scan if a port scan discovers an open SSH port. Scan results can be uniformly handled with prebuilt hooks, e.g. to send out alerts via messaging tools, or to ingest the findings into vulnerability management systems like OWASP DefectDojo. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de