Omaha OWASP Dec 2016

SWAMPs in the cloud and ground
Andrew Freeborn

Upload: andrew-freeborn

Post on 13-Apr-2017

TRANSCRIPT

Page 1: Omaha OWASP Dec 2016

SWAMPs in the cloud and ground

Andrew Freeborn

Page 2: Omaha OWASP Dec 2016

Agenda

• The SWAMP
• What’s it like in the cloud?
• Can I have a SWAMP in a box?
• Demo!

Andrew Freeborn
Stuff
Page 3: Omaha OWASP Dec 2016

The SWAMP

• Software Assurance Marketplace
• https://www.mir-swamp.org/
• Scans C, C++, Java, Ruby, Python, Android apps, and more!
• Checks source code for problems and gives you a report with a variety of tools
• FREE

Page 4: Omaha OWASP Dec 2016

The SWAMP cloud

• The SWAMP in the cloud has lots of capability to scan all kinds of packages you want
• Performs decently with short wait times
• You can have your application scanned on various platforms like Red Hat, Ubuntu, etc.
• Lots of tools available such as gcc, Clang, and linters

Page 5: Omaha OWASP Dec 2016

SWAMP in a box

• Now you can have the SWAMP on-premise
• https://continuousassurance.org/swamp-in-a-box/
• Minimum: 12GB RAM, 256GB HD, 4 cores
• Not all tools are available, but you still get Code Dx
• You can tune the SWAMP to your specific use cases, but then you have to manage things
• Still free

Page 6: Omaha OWASP Dec 2016

DEMO

• SWAMP
• https://www.mir-swamp.org

Page 7: Omaha OWASP Dec 2016

Thanks!

• [email protected]
• https://vivirytech.blogspot.com
• Twitter: @vivirytech