Comment: More about CI and alike

...

Currently we have no known Java vulnerabilities in OFBiz code. There are some vulnerable third-party libraries. Fortunately, these are not high-severity vulnerabilities. As you can see in our README file, we use SonarCloud and soon CodeQL to check for vulnerabilities during our Continuous Integration process on GitHub. We also use Checkstyle for better code before pushing changes to the Git repo.

JavaScript

For JavaScript, we use Retire.js; see this page: About retire.js. As you can see in our README file, we also use CodeQL to check for vulnerabilities during our Continuous Integration process on GitHub. We also use npm audit before pushing changes to the Git repo.

HTTP headers

For HTTP headers: https://cyh.herokuapp.com/cyh. This page gives more information: How to Secure HTTP Headers

...

Another simpler, but not to be neglected, tool is the security option of SpotBugs. I have used it as an Eclipse plugin.