SWAMP-in-a-Box is a standalone version of the Software Assurance Marketplace (SWAMP) that you can install on your own computer or server to perform software assurance analysis on your software code.
The Software Assurance Marketplace is a web service that provides continuous software assurance capabilities to developers and researchers.
How can I use the SWAMP?
There are two ways to use the SWAMP:
SWAMP-in-a-Box
You can download and install the SWAMP software on your own computer using the SWAMP-in-a-Box (SiB) open-source distribution. You can download it from either GitHub or our latest release repository.
SWAMP-in-the-Cloud
You can "test drive" SWAMP-in-a-Box using the ready-to-use cloud computing platform at mir-swamp.org. This allows you to get a feel for the software without installing anything on your own computer.
Which SWAMP software is right for me?
You should use SWAMP-in-a-Box if:
- you have higher security or compliance requirements for your software that prohibit uploading your software to the web
- you want to customize the software
- you have a computer that meets the minimum system requirements for SWAMP-in-a-Box
You should use SWAMP-in-the-Cloud if:
- you don't want to bother with installing any software on your own computer
- you want your assessment results to be available from anywhere
- you don't have a computer that meets the minimum system requirements for SWAMP-in-a-Box
Why use the SWAMP
Write more secure code
- Find SQL injection problems
- Find memory errors
- Find insecure use of library functions
Write more efficient code
- Find unreferenced code
- Find unreachable code
- Find unused variables
Write better code
- Write more consistent code
- Write more standard code
- Find problems earlier
Capabilities of the SWAMP
Static analysis
- Operates on the original source code
- Tracks problems down to the location in the original code
- Relatively quick and easy to use
- Provides complete code coverage
Collaborate with others
- Create projects
- Invite new members
- Share assessment results
Analyze your results
- View results using Code Dx™
- Compare results from multiple tools
- Find and visualize overlaps
- Correlate results
Who can benefit from the SWAMP
Software developers
- Commercial software developers - create better products
- Open source software developers - write code that will withstand rigorous code review
Students and educators
- Learn secure coding practices
- Learn to use industry-standard tools
- Learn how to fix the problems the tools report
- Learn to use the SWAMP
Software assurance professionals
- Software assurance tool developers - test software assurance tools against hundreds of curated software packages
- Software assurance researchers - analyze a large body of assessment results from many tools and packages
How much does it cost?
Both SWAMP-in-a-Box and the SWAMP cloud platform are available at no cost to you and include an array of open-source software security testing tools as well as a comprehensive results viewer to simplify vulnerability remediation. Each also supports an API, allowing you to integrate the SWAMP into existing software development workflows.
This software is made possible by a grant from the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division (DHS S&T/HSARPA/CSD). Put your tax dollars to work and use the SWAMP today!