The Software Assurance Marketplace (SWAMP) provides continuous software assurance capabilities to developers and researchers. For users who need or prefer to run software assurance tools on their own computing infrastructure, the SWAMP offers a standalone software application called “SWAMP-in-a-Box” (SiB). The SiB package can be deployed on your own servers if you have higher security or compliance requirements for your software or, because it is open source, if you want to customize the software. SWAMP-in-a-Box is now available as an open beta, downloadable from GitHub.

SWAMP-in-a-Box user community

System Requirements

  • Operating System
    • CentOS 7
  • Hardware Requirements*
    • Minimum: 16 GB RAM, 256 GB disk, 4 cores
    • Recommended: 64 GB RAM, 1 TB disk, 8 cores
    • Support for KVM virtualization

Benefits of SWAMP-in-a-Box

  • Keep your code private and secure
  • Run on an isolated network or intranet
  • Flexibility to configure your own SWAMP
  • Same open-source tools and plug-ins as mir-swamp.org
  • “Bring your own license” for commercial tools
  • View results using Code Dx
  • Compare results from multiple tools

*Minimum requirements support 2 simultaneous VMs (1 assessment VM and 1 results viewer VM). Recommended requirements support multiple simultaneous assessment VMs.

If you are installing SWAMP-in-a-Box in a virtual machine, the hypervisor must support and be configured for nested virtualization, because SWAMP-in-a-Box itself uses virtual machines to perform assessments of packages and to run the results viewer.
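A preflight check for a prospective host, covering the sizing figures and the virtualization requirement described above. This is an added example, not code from the SWAMP project; the function names, the use of the root filesystem for the disk figure, and the Linux KVM module paths for the nested-virtualization setting are assumptions.

```shell
#!/bin/sh
# Added example, not part of SWAMP-in-a-Box. Thresholds are the figures listed
# on this page; function names and the choice of "/" are assumptions.

# Succeeds if the CPU advertises Intel VT-x (vmx) or AMD-V (svm). Inside a VM
# these flags only appear when the hypervisor exposes nested virtualization.
has_virt_flag() {
    grep -E '^flags' "${1:-/proc/cpuinfo}" | grep -Eqw 'vmx|svm'
}

# Logical CPU count from a cpuinfo-format file.
cpu_count() {
    grep -c '^processor' "${1:-/proc/cpuinfo}"
}

# RAM in GB, rounded to nearest: MemTotal excludes memory reserved at boot,
# so a 16 GB machine reports slightly less than 16 GiB.
mem_gb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1048576 + 0.5 }' "${1:-/proc/meminfo}"
}

# On a Linux KVM hypervisor host: is the kvm_intel/kvm_amd "nested" parameter
# on? The file holds Y or 1 when enabled, depending on module and kernel version.
nested_enabled() {
    [ -r "$1" ] || return 1
    case "$(cat "$1")" in Y|1) return 0 ;; *) return 1 ;; esac
}

# Classify RAM (GB), disk (GB) and cores against the page's two tiers.
# 1 TB is taken as 1000 GB.
sizing_tier() {
    if [ "$1" -ge 64 ] && [ "$2" -ge 1000 ] && [ "$3" -ge 8 ]; then echo recommended
    elif [ "$1" -ge 16 ] && [ "$2" -ge 256 ] && [ "$3" -ge 4 ]; then echo minimum
    else echo insufficient; fi
}

preflight() {
    # Filesystem size in decimal GB; it is below the raw disk size, so check
    # borderline results by hand.
    disk=$(df -Pk / | awk 'NR==2 { printf "%d", $2 * 1024 / 1e9 + 0.5 }')
    echo "sizing: $(sizing_tier "$(mem_gb)" "$disk" "$(cpu_count)")"
    if has_virt_flag; then echo "vmx/svm: yes"; else echo "vmx/svm: no"; fi
    if [ -e /dev/kvm ]; then echo "/dev/kvm: present"; else echo "/dev/kvm: missing"; fi
    for p in /sys/module/kvm_intel/parameters/nested /sys/module/kvm_amd/parameters/nested; do
        if nested_enabled "$p"; then echo "nested enabled for guests: $p"; fi
    done
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the machine that will host SWAMP-in-a-Box; the `nested` parameter lines are only meaningful on the outer KVM hypervisor, while the `vmx/svm` and `/dev/kvm` lines are what to look at inside the VM.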


Press Release – 13 October 2016