This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP secureCodeBox


OWASP secureCodeBox Project


The OWASP secureCodeBox Project is a Docker-based, modularized toolchain for continuous security scans of your software project. Its goal is to orchestrate and easily automate a range of security-testing tools out of the box. With secureCodeBox we provide a toolchain for continuously scanning applications to find low-hanging-fruit issues early in the development process, freeing penetration testers to concentrate on the major security issues.


The purpose of secureCodeBox is not to replace penetration testers or make them obsolete. We strongly recommend having experienced penetration testers run extensive tests on all your applications. For more information about this project, please have a look at our GitHub repo.

Our main goal is to implement a major security testing platform and framework that enables developers and teams to integrate a range of security testing tools into their CI/CD environment as easily as possible. The flexibility and scalability of the platform architecture lead to features such as multi-tenancy support, large-scale (multi-)project testing, support for distributed and private networks, and customisable security test flows, which enable projects to test complex environments without implementing the complete security testing infrastructure on their own.

Secondly, we try to make a broad range of security tools easy to integrate. We will also try to integrate existing OWASP projects as building blocks in our platform.


As of May 2019, the highest priorities for the next 6 months are:

  • Finalize the integration with the OWASP DefectDojo Project, as a building block for security finding analytics
  • Enhance multi-tenant support
  • Migrate the deployment setup to Kubernetes, based on Terraform for provisioning
  • Implement a UI for the Project based on the existing secureCodeBox API
  • Integrate a new REST API security scanner

Future milestones in general are:

  • Adapt a serverless infrastructure architecture for the security scanner microservices
  • Migrate the process engine (Camunda) to a more lightweight technology ( maybe)

Getting Involved

Contributions are welcome and extremely helpful 🙌

You are welcome, please join us on... 👋


This Project is free software: you can redistribute it and/or modify it under the terms of the Apache License 2.0. OWASP secureCodeBox Project and any contributions are Copyright © by {the Project Leader(s) or OWASP} {Year(s)}.

Project About

What does this OWASP project offer you?

What is this project?
Name: OWASP secureCodeBox
Purpose: N/A
License: N/A

Who is working on this project?
Project Leader(s):
  • Robert Seedorff @

How can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created

Key Contacts
  • Contact Robert Seedorff @ to contribute to this project
  • Contact Robert Seedorff @ to review or sponsor this project

What releases are available for this project?

Current release: Not Yet Published
Last reviewed release: Not Yet Reviewed
Other releases:

Project Resources

GitHub Project


Issue Tracker




Project Leader




Integrated Projects

Related Projects


Project Type: Tool
Incubator Project (Builders)
Apache License 2.0