AppSec Kit

Managing dependencies is a crucial aspect of any software project, but it can be a complex and time-consuming task. AppSec Kit provides dependency visibility, generating a Software Bill of Materials (SBOM) that presents a comprehensive view of all direct and transitive dependencies used in your application.

The SBOM is generated automatically each time you perform a development build — or can be initiated on-demand. This allows you to have complete visibility of your application’s contents.

AppSec Kit further streamlines the remediation process by regularly scanning the SBOM, and cross-referencing it with multiple industry-standard vulnerability databases, including National Vulnerability Database and GitHub Security Advisories. It identifies known vulnerabilities in both direct and transitive dependencies and includes detailed information, such as severity and patch versions.

Reports on the results are displayed in Vaadin Development tools, ensuring smooth integration in your Vaadin application development process. This allows you to address vulnerabilities earlier in the process, ensuring the security of your web applications without compromising development speed.

By identifying and highlighting any false positives associated with Vaadin Flow and its dependencies, AppSec Kit makes it easier for developers to identify the vulnerabilities that actually need addressing.

AppSec Kit flags any false positive vulnerabilities that were identified in the dependencies of the Vaadin platform. It shows the analysis from Vaadin’s security team, describing why it was considered a false positive. This allows you to focus on true vulnerabilities, on what matters.