{"id":13511550,"url":"https://github.com/baidu/openrasp","last_synced_at":"2025-05-14T19:08:26.945Z","repository":{"id":37743085,"uuid":"99914450","full_name":"baidu/openrasp","owner":"baidu","description":"🔥Open source RASP solution","archived":false,"fork":false,"pushed_at":"2024-06-05T08:45:33.000Z","size":300965,"stargazers_count":2862,"open_issues_count":61,"forks_count":616,"subscribers_count":111,"default_branch":"master","last_synced_at":"2025-05-14T19:08:19.360Z","etag":null,"topics":["devsecops","iast","rasp","security","waf"],"latest_commit_sha":null,"homepage":"https://rasp.baidu.com","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/baidu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-10T11:09:30.000Z","updated_at":"2025-05-14T05:02:06.000Z","dependencies_parsed_at":"2023-02-04T06:31:32.325Z","dependency_job_id":"b157c6e4-ed72-4f94-bde9-8d889acee830","html_url":"https://github.com/baidu/openrasp","commit_stats":{"total_commits":3707,"total_committers":41,"mean_commits":90.41463414634147,"dds":0.6862692203938494,"last_synced_commit":"240fde3901c7a36aaade3683ffd5c89140a535fb"},"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baidu%2Fopenrasp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baidu%2Fopenrasp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baidu%2Fopenrasp/releases","manifests_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/baidu%2Fopenrasp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/baidu","download_url":"https://codeload.github.com/baidu/openrasp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254209859,"owners_count":22032897,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","iast","rasp","security","waf"],"created_at":"2024-08-01T03:00:55.484Z","updated_at":"2025-05-14T19:08:20.814Z","avatar_url":"https://github.com/baidu.png","language":"C++","readme":"# OpenRASP \r\n\r\n[![Build Status](https://www.travis-ci.org/baidu/openrasp.svg?branch=master)](https://www.travis-ci.org/baidu/openrasp)\r\n[![Build Status](https://img.shields.io/badge/README-切换语言-yellow.svg)](readme-zh_CN.md)\r\n\r\n### Introduction\r\n\r\nUnlike perimeter control solutions like WAF, OpenRASP directly integrates its protection engine into the application server by instrumentation. It can monitor various events, including database queries, file operations and network requests.\r\n\r\nWhen an attack happens, WAF matches the malicious request with its signatures and blocks it. OpenRASP takes a different approach: it hooks sensitive functions and examines or blocks the inputs fed into them. As a result, this examination is context-aware and in-place. 
It brings the following benefits:\r\n\r\n1.\tOnly successful attacks can trigger alarms, resulting in a lower false-positive rate and a higher detection rate;\r\n2.\tA detailed stack trace is logged, which makes forensic analysis easier;\r\n3.\tInsusceptible to malformed protocol.\r\n\r\n### Quick Start\r\n\r\nSee detailed installation instructions [here](https://github.com/baidu/openrasp/wiki/Installation)\r\n\r\nWe also provide a few test cases that correspond to OWASP TOP 10 attacks, [download here](https://rasp.baidu.com/doc/install/testcase.html)\r\n\r\n### FAQ\r\n\r\n#### 1. List of supported web application servers\r\n\r\nWe've fully tested OpenRASP on the following application servers for Linux platforms:\r\n\r\n* Java\r\n  * Tomcat 6-9\r\n  * JBoss 4.X\r\n  * Jetty 7-9\r\n  * Resin 3-4\r\n  * SpringBoot 1-2\r\n  * IBM WebSphere 8.5, 9.0\r\n  * WebLogic 10.3.6, 12.2.1\r\n* PHP\r\n  * 5.3-5.6, 7.0-7.4\r\n\r\nSupport for other web application servers will be included in upcoming releases.\r\n\r\n#### 2. Performance impact on application servers\r\n\r\nWe ran multiple intense and long-lasting stress tests prior to release. Even in the worst-case scenario (where the hook point got continuously triggered) the server's performance was only reduced by 1\\~4%\r\n\r\n#### 3. Integration with existing SIEM or SOC\r\n\r\nOpenRASP logs alarms in JSON format, which can be easily picked up by Logstash, rsyslog or Flume.\r\n\r\n#### 4. How to develop a new plugin?\r\n\r\nA plugin receives a callback when an event occurs. 
It then determines if the current behavior is malicious or not and blocks the associated request if necessary.\r\n\r\nDetailed plugin development instructions can be found [here](https://rasp.baidu.com/doc/dev/main.html)\r\n\r\n### Contact\r\n\r\nTechnical support:\r\n\r\n* [RASP QQ group #2: 595568655](http://shang.qq.com/wpa/qunwpa?idkey=5016bac5431b23316a79efdcd2c4dadd6ef8b99b231e4ed10f1e265573a66e1c)\r\n* [RASP QQ group #1 (full): 259318664](http://shang.qq.com/wpa/qunwpa?idkey=5016bac5431b23316a79efdcd2c4dadd6ef8b99b231e4ed10f1e265573a66e1c)\r\n* [OpenRASP Google Group](https://groups.google.com/forum/#!forum/openrasp)\r\n\r\nBusiness inquiries, comments and security reports:\r\n\r\n* General email: `openrasp-support # baidu.com`\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n","funding_links":[],"categories":["Web","C++","Инструменты","JavaScript","C++ (225)","安全"],"sub_categories":["Runtime Application Self-Protection","Runtime Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbaidu%2Fopenrasp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbaidu%2Fopenrasp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbaidu%2Fopenrasp/lists"}