Asserts is an open-source tool
that looks for deterministic and peripheral vulnerabilities
performing Dynamic and Static Application Security Testing (DAST - SAST).
Asserts also automates attacks to verify the status (open/closed)
of vulnerabilities on your system
and gives you fast feedback on the proposed solutions.
Therefore, Asserts can be included in CI/CD environments
as a security gate.
Figure 1. Graphical representation
Python for the source code.
AWS to host the infrastructure.
Terraform to define as Code the infrastructure.
Docker to pack environments.
PGP, KMS, and SOPS to encrypt secrets
and ensure safe-transport and storage of critical information.
Asserts will allow you to
perform generic security tests during the software life cycle;
perform custom security tests during the software life cycle;
encapsulate organization security policies as code,
and enforce them across your software life cycle;
identify the status of deterministic vulnerabilities on your system;
recognize the exact moment a vulnerability appeared
(for every vulnerability check, Asserts prints the ToE fingerprint);
have an interactive cycle of vulnerability closing.