安全开发
========================================

风险控制
----------------------------------------
- `aswan <https://github.com/momosecurity/aswan>`_ 陌陌风控系统静态规则引擎

静态分析
----------------------------------------
- `PHP CodeSniffer <https://github.com/squizlabs/PHP_CodeSniffer>`_ tokenizes PHP files and detects violations of a defined set of coding standards

安全编码规范 
----------------------------------------
- `JAVA安全SDK及编码规范 <https://github.com/momosecurity/rhizobia_J>`_
- `PHP安全SDK及编码规范 <https://github.com/momosecurity/rhizobia_P>`_

漏洞管理
----------------------------------------
- `SRCMS <https://github.com/martinzhou2015/SRCMS>`_
- `洞察 <https://github.com/creditease-sec/insight>`_ 宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台
- `xunfeng <https://github.com/ysrc/xunfeng>`_ 适用于企业内网的漏洞快速应急，巡航扫描系统
- `DefectDojo <https://github.com/DefectDojo/django-DefectDojo>`_ an open-source application vulnerability correlation and security orchestration tool
- `Fuxi Scanner <https://github.com/jeffzh3ng/Fuxi-Scanner>`_ Penetration Testing Platform
- `SeMF <https://gitee.com/gy071089/SecurityManageFramwork>`_ 企业内网安全管理平台，包含资产管理，漏洞管理，账号管理，知识库管、安全扫描自动化功能模块

DevSecOps
----------------------------------------
- `hunter <https://github.com/ztosec/hunter>`_ 中通DevSecOps闭环方案，被动式漏洞扫描器