Samma Security is a set of open-source tools put together. They scan your apps and send their output to an ELK stack. The scanners are small and light and will only scan on source. Perfect in your CD pipeline or as a Kubernetes Job.
Samma Monitoring is a small set of apps that monitor your external web pages for you. The difference here is that the apps themselves register with Samma to get monitored. Perfect in a CD environment when you spin up multiple apps. (It also works integrated into Kubernetes, listening for ingress.)
After years of working with web security and monitoring, we found that some tools don't follow us into the microservice world. So we have started using open-source tools. Here we have packaged the tools we use so that you can use them too.
Samma scanners are the scanners you already use, like nmap and OpenVAS. But we package them into Docker and add some Python to extract the result. So now you can fire up an OpenVAS scanner to scan your app and get the result into your Elasticsearch. Perfect for CD and DevSecOps.
When you move to microservices, new hosts pop up everywhere, and some are important to monitor. But adding new hosts by hand all the time can't be done. With Samma Monitoring, when your app is deployed it registers with our cloud service and monitoring begins. All automated and built for today's web development.
I don't like those big scan engines that have to be installed with VMware!! No, with Samma I run my scans with Docker, fast and simple. And then I can see stats on findings!!
Me again: So easy to integrate DevSecOps when you can do basic scanning in Jenkins with a one-liner
Still me: PCI DSS now has harder demands on scanning. And by making it easy to scan, devs can scan before we go to prod. So there are now new findings in prod for us.