Steve Springett

icon indicating a website link https://about.me/stevespringett

icon company @ServiceNow icon location Chicago icon location I build stuff, I break stuff, I develop stuff to protect stuff. Creator of @DependencyTrack. Chair of @CycloneDX and @Ecma-TC54. Core team of @package-url

Results 129 issues of Steve Springett

Achieve plugin isolation

Plugin execution needs to be isolated from other plugins and from the programs classloader. Additionally the plugins need to be componentized within the build and the result being one jar...

enhancement

Add support for multiple results/artifacts

Some providers may produce multiple artifacts that may be useful for various purposes. AppSpider has the xml report that's useful for ThreadFix but the zips containing the scan logs and...

enhancement

Add SFTP/SCP Publisher

Job results should be able to be published via SFTP/SCP to a remote server.

enhancement

Add BurpSuite Provider

1 comment

Add a provider implementation for BurpSuite

enhancement

Add WebInspect Provider

Add a provider implementation for HPE WebInspect 16.20 and higher using it's REST API / swagger definitions.

enhancement

Add Alert Subsystem

Add the ability to send email alerts whenever the state of a job changes.

enhancement

Add Nmap Provider

Add a provider implementation for nmap

enhancement

Add Metasploit Provider

Add a provider implementation for Metasploit via its REST API.

enhancement

Add Peach Fuzzer Provider

Add a provider implementation for Peach Fuzzer using it's REST API / swagger definitions.

enhancement

Add support for Blueprints

6 comment

A BOM is not overly useful to defenders as they only contain inventory of things and potentially how something was built (e.g. formulation). They do not provide any insight into...

proposed core enhancement