SWAMP-in-a-Box is a standalone version of the Software Assurance Marketplace (SWAMP) that you can install on your own computer or server to perform software assurance analysis on your software code.

The Software Assurance Marketplace is a web service that provides continuous software assurance capabilities to developers and researchers.

How can I use the SWAMP?

There are two ways to use the SWAMP:

SWAMP-in-a-Box

You can download and install the SWAMP software on your own computer using the SWAMP-in-a-Box (SiB) open-source distribution. You can download it from either GitHub or our latest release repository.

SWAMP-in-the-Cloud

You can "test drive" SWAMP-in-a-Box using the ready-to-use cloud computing platform at mir-swamp.org. This allows you to get a feel for the software without installing anything on your own computer.

Which SWAMP software is right for me?

You should use SWAMP-in-a-Box if:

  • you have higher security or compliance requirements for your software which prohibit uploading your software to the web
  • you want to customize the software
  • you have a computer that meets the minimum system requirements for SWAMP-in-a-Box

You should use SWAMP-in-the-Cloud if:

  • you don't want to bother with installing any software on your own computer
  • you want your assessment results to be available from anywhere
  • you don't have a computer that meets the minimum system requirements for SWAMP-in-a-Box

Why use the SWAMP?

Write more secure code

  • Find SQL injection problems
  • Find memory errors
  • Find insecure use of library functions

Write more efficient code

  • Find unreferenced code
  • Find unreachable code
  • Find unused variables

Write better code

  • Write more consistent code
  • Write more standard code
  • Find problems earlier

Capabilities of the SWAMP

Static analysis

  • Operates on the original source code
  • Tracks problems down to the location in the original code
  • Relatively quick and easy to use
  • Provides complete code coverage

Collaborate with others

  • Create projects
  • Invite new members
  • Share assessment results

Analyze your results

  • View results using Code Dx™
  • Compare results from multiple tools
  • Find and visualize overlaps
  • Correlate results

Who can benefit from the SWAMP?

Software developers

  • Commercial software developers - create better products
  • Open source software developers - write code that will withstand rigorous code review

Students and educators

  • Learn secure coding practices
  • Learn to use industry standard tools
  • Learn how to fix the problems the tools report
  • Learn to use the SWAMP

Software assurance professionals

  • Software assurance tool developers - test software assurance tools against hundreds of curated software packages
  • Software assurance researchers - analyze a large body of assessment results from many tools and packages

How much does it cost?

Both SWAMP-in-a-Box and the SWAMP cloud platform are available at no cost to you and include an array of open-source software security testing tools as well as a comprehensive results viewer to simplify vulnerability remediation. Each also supports an API, allowing you to integrate the SWAMP into existing software development workflows.

This software is made possible by a grant from the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division (DHS S&T/HSARPA/CSD). Put your tax dollars to work and use the SWAMP today!