cookbook-configuration.yaml
# rootPaths specify which folders to scan for recipes.
# Recipes may specify 'descriptionFile' paths either relative to
# the recipe's location or relative to the rootPath.
rootPaths:
  - recipes
cookbooks: # List of cookbooks
  - id: scw:basic-protection-set
    name: Basic Protection Set
    description: Starting point for security that detects weak cryptography, injection vulnerabilities and XXE in a framework-agnostic way.
    includedTags: ["basic protection set"]
    excludedTags: []
    featured: true
    recommended: true
  - id: scw:java
    name: "Java Gotcha's"
    description: Detection of mistakes relating to incorrect or unsafe use of Java language features and APIs such as object equality, exception handling, regular expressions and collections.
    includedTags: ["Java basic"]
    excludedTags: []
    featured: true
    recommended: true
  - id: scw:aws
    name: AWS SDK
    description: Best practices for the Amazon Web Services ecosystem including credential management/storage, databases and region selection.
    includedTags: [AWS]
    excludedTags: []
    featured: true
  - id: scw:spring
    name: Spring
    description: Best practices spanning the Java Spring projects including Boot, Core, Data, Security and Web.
    includedTags: [Spring]
    excludedTags: []
    featured: true
  - id: scw:android
    name: Android Security Set
    description: Recipes created from security recommendations in the official Android documentation (https://developer.android.com/), including checks for the manifest file, injection vulnerability, configuration and storage.
    includedTags: [Android security set]
    excludedTags: []
    featured: true
  - id: scw:owasp-top-10
    name: OWASP Top 10 Set
    description: Collection of all recipes related to the OWASP Top 10 categories such as injection, authentication, security misconfiguration.
    includedTags: [OWASP Top 10]
    excludedTags: []
    featured: true
  - id: scw:logging:log4j
    name: Log4j
    description: Recipes relating to Log4j (and Log4Shell vulnerabilities)
    includedTags: [Log4j]
    excludedTags: []
    featured: true
  - id: scw:logging:slf4j
    name: Standardisation on SLF4J
    description: Recipes to standardise on the SLF4J framework including migrations from other logging frameworks
    includedTags: [SLF4J]
    excludedTags: []
    featured: true
  - id: scw:testing:assertj
    name: Standardisation on AssertJ for unit testing
    description: Recipes to standardise on the AssertJ framework including idiomatic assertions and migrations from other frameworks.
    includedTags: [AssertJ]
    excludedTags: []
    featured: true
  - id: scw:testing:junit4
    name: JUnit 4 Best Practices
    description: Best practices for the JUnit 4 testing framework including correct usage of its API and annotations.
    includedTags: [JUnit 4]
    excludedTags: []
    featured: true
  - id: scw:testing:junit5
    name: JUnit 5 Best Practices
    description: Best practices for the JUnit 5 testing framework including correct usage of its API and annotations.
    includedTags: [JUnit 5]
    excludedTags: []
    featured: true
  - id: scw:java-time
    name: Standardisation on java.time (JSR-310)
    description: Standardisation on java.time (JSR-310) including migrations from other time frameworks.
    includedTags: [java.time]
    excludedTags: []
    featured: true