secureCodeBox is a Kubernetes-based modular toolchain that automates continuous security scanning of software projects using multiple security-testing tools out of the box.
secureCodeBox (SCB) - continuous secure delivery out of the box
secureCodeBox is designed for development and security teams practicing continuous delivery who want to integrate automated, continuous security scans into their CI/CD pipelines. It helps detect low-hanging fruit vulnerabilities early and continuously, freeing penetration testers to focus on more complex security issues.
secureCodeBox requires a Kubernetes environment for deployment and orchestration; users should have familiarity with Kubernetes and Helm. It is designed to complement, not replace, manual penetration testing by automating detection of common vulnerabilities continuously. Refer to the official documentation for detailed setup, scanner integration, and best practices.
1. Set up a Kubernetes cluster to host secureCodeBox.
2. Deploy the secureCodeBox components using the provided Helm charts or manifests (refer to the documentation at https://www.securecodebox.io).
3. Configure security scanners and scan targets according to your project's needs.
4. Integrate secureCodeBox scans into your CI/CD pipeline for continuous scanning.
5. Monitor scan results and alerts via the secureCodeBox dashboard or configured notification channels.
kubectl apply -f securecodebox.yaml
    Deploy secureCodeBox resources (for example a Scan manifest) to your Kubernetes cluster.

kubectl get scans
    List all active and completed security scans (Scan custom resources) managed by secureCodeBox in the current namespace.

kubectl describe scan <scan-name>
    Get detailed information about a specific scan, including its current state.

helm repo add securecodebox https://charts.securecodebox.io
    Add the secureCodeBox Helm chart repository for installation.

helm --namespace securecodebox-system install --create-namespace securecodebox-operator securecodebox/operator
    Install the secureCodeBox operator using Helm in your Kubernetes cluster. The operator manages the Scan resources; each scanner (for example securecodebox/nmap) is installed from its own chart in the same repository.
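The following manifest is an added example (not taken from the secureCodeBox project documentation) showing what step 3 ("configure security scanners and scan targets") and the Scan resources listed by `kubectl get scans` look like in practice: a one-off Scan using the nmap scanner, plus a ScheduledScan that re-runs it on an interval for continuous coverage in a delivery pipeline. It assumes the operator and the nmap scanner chart are installed; the target hostname `juice-shop.demo.svc` is a placeholder for an in-cluster service you own.

```yaml
# Added example, not from the secureCodeBox docs. Assumes the operator and the
# nmap scanner chart (helm install nmap securecodebox/nmap) are installed.
# The target "juice-shop.demo.svc" is a placeholder for your own service.
apiVersion: execution.securecodebox.io/v1
kind: Scan
metadata:
  name: nmap-juice-shop
spec:
  scanType: nmap              # must match an installed ScanType resource
  parameters:                 # passed as command-line arguments to the scanner
    - "-p"
    - "22,80,443"
    - "juice-shop.demo.svc"   # placeholder: in-cluster service to probe
---
# Same scan, re-run every 24 hours so the pipeline always has a recent baseline.
apiVersion: execution.securecodebox.io/v1
kind: ScheduledScan
metadata:
  name: nmap-juice-shop-daily
spec:
  interval: 24h
  scanSpec:
    scanType: nmap
    parameters:
      - "-p"
      - "22,80,443"
      - "juice-shop.demo.svc"  # placeholder target, as above
```

Apply it with `kubectl apply -f <file>`, then follow progress with `kubectl get scans` and `kubectl describe scan nmap-juice-shop`. Keep the port list and target narrow and under your own control: scan parameters are passed straight to the scanner, so the manifest is the place to review what the pipeline is permitted to probe.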