Welcome to the SWAMP

Software is a crucial component of daily living, affecting our privacy, worldwide economic structures, and the services we depend on every day. With the increasing rate of security breaches, today’s applications need to be built more securely at the code level, and that code needs to be tested regularly. The Software Assurance Marketplace was developed to make it easier to consistently test the quality and security of these applications and bring a transformative change to the software assurance landscape by reducing the number of weaknesses deployed in software.

There are two ways to use the SWAMP: the ready-to-use cloud computing platform at mir-swamp.org or the SWAMP-in-a-Box (SiB) open-source distribution that is downloadable from GitHub. Both are available at no-cost to you and include an array of open-source and commercial software security testing tools as well as a comprehensive results viewer to simplify vulnerability remediation. Each also supports an API, allowing you to integrate the SWAMP into existing software development workflows.

  • MIR-SWAMP supports software assurance with minimal fuss and is a good way to try out the SWAMP either for use as part of a class or regular day-to-day usage. It also offers a library of applications with known vulnerabilities, enabling tool developers to improve the effectiveness of their own static and dynamic testing tools.
  • SWAMP-in-a-Box can be deployed on your own servers if you have higher security or compliance requirements for your software or, being open-source, when you want to customize the software.

Upcoming Events

  • The SWAMP team will be exhibiting at the ATARC DevOps Technology Showcase, part of the ATARC Federal DevOps Summit, on March 1, 2018 at the Washington Marriott at Metro Center Hotel in D.C. The agenda and registration information can be found here.
  • The SWAMP and Parasoft are hosting a webinar on Thursday, March 8, 2018 at 12pm Central (1pm Eastern). Register here to learn more about Parasoft tools in SWAMP-in-a-Box.
  • SWAMP will be in Baltimore, MD on March 21-22, 2018 for DevOpsDays Baltimore, located at UMBC’s Columbus Center. Register for the event here.
  • SWAMP is supporting Women in CyberSecurity for WiCyS 2018! Visit us at the Hilton Chicago Downtown on March 23-24, 2018. More information about how to register can be found here.
  • The SWAMP is supporting HACK NYC 2018 on May 7-10, 2018 at 11 Times Square in NYC. Register here.
  • The SWAMP team will be exhibiting at OSCON 2018 on July 16-19, 2018. We’re excited to be coming back to Portland, OR!

The SWAMP Team

Morgridge Institute for Research (MIR) Center for Applied Cybersecurity Research (CACR) at Indiana University's Pervasive Technology Institute National Center for Supercomputing Applications (NCSA) at University of Illinois at Urbana-Champaign Department of Computer Sciences at University of Wisconsin-Madison

The SWAMP Partners

CodeDx Parasoft GrammaTech
Sonatype Logo CI Logon Logo
Synopsys logo PRQA Programming Research HTCondor Logo