OWASP Watchman


OWASP Watchman is a CLI-based toolkit designed to help organizations and individuals secure their software supply chains. The toolkit includes capabilities for software source code integrity monitoring, configuration scanning, and vulnerability scanning. The project aims to provide a flexible and extensible solution that can be integrated into existing workflows and environments, with a focus on ease of use and automation.


The OWASP Watchman Project addresses a critical need for securing the software supply chain, which has become increasingly important as organizations rely more on third-party software components and cloud services. The project provides a comprehensive toolkit that combines cryptographic integrity checks with configuration scanning; together these help detect upstream attacks by identifying changes to files that might indicate an attack or a misconfiguration. Configuration scanning is driven by custom YAML rules, which can be tailored to specific needs and environments. The command-line interface (CLI) provides an easy way to integrate the toolkit into existing workflows, such as CI/CD pipelines, and supports multiple platforms and file types.
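As an added illustration of the integrity-monitoring idea described above (example code written for this page, not Watchman's own implementation), the snippet below records a SHA-256 manifest of a source tree, re-scans it later, and reports which files were modified, added, or removed. The sample tree, file names, and contents in `demo()` are constructed for the demonstration.

```python
# Added example: file integrity baseline and verification (not Watchman's code).
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256 digest."""
    root_path = Path(root)
    return {
        p.relative_to(root_path).as_posix(): sha256_of(p)
        for p in sorted(root_path.rglob("*"))
        if p.is_file()
    }


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report files whose digest changed, files that appeared, and files that vanished."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed sample tree: take a baseline, alter the tree, re-scan, and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        src.mkdir()
        (src / "app.py").write_text("print('hello')\n")
        (src / "setup.cfg").write_text("[metadata]\nname = demo\n")
        baseline = build_manifest(tmp)
        # Simulated unexpected upstream change: one file edited, one dropped, one new.
        (src / "app.py").write_text("print('hello')\n# unexpected edit\n")
        (src / "setup.cfg").unlink()
        (src / "post_install.sh").write_text("echo unexpected\n")
        return compare_manifests(baseline, build_manifest(tmp))
```

In a pipeline the baseline manifest would be stored (and ideally signed) outside the tree being checked, so that a tampered checkout cannot also rewrite its own baseline.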


The OWASP Watchman Project is licensed under the Apache License, Version 2.0. It allows for free use, modification, and distribution of the software, as long as the license terms are respected.

