Checkmarx / 2ms

Related projects ⓘ

Alternatives and complementary repositories for 2ms

• jstawinski / GitHub-Actions-Attack-Diagram
  ☆151Updated 2 months ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆100Updated 7 months ago
• synacktiv / octoscan
  Octoscan is a static vulnerability scanner for GitHub action workflows.
  ☆166Updated this week
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆229Updated last week
• RefactorSecurity / vscode-security-notes
  Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
  ☆129Updated last year
• klarna-incubator / gram
  Gram is Klarna's own threat model diagramming tool
  ☆280Updated 2 weeks ago
• synacktiv / nord-stream
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆251Updated 3 weeks ago
• TinderSec / gh-workflow-auditor
  Script to audit GitHub Action Workflow files for potential vulnerabilities.
  ☆150Updated 2 months ago
• nccgroup / ccs
  ☆110Updated last year
• vishalgarg-sec / Software-Supply-Chain-Security
  A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
  ☆125Updated 9 months ago
• bullfrogsec / bullfrog
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆79Updated last week
• domain-protect / domain-protect-gcp
  Protect against subdomain takeover
  ☆92Updated 5 months ago
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆169Updated 9 months ago
• smithy-security / smithy
  The security workflow engine!
  ☆73Updated this week
• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆67Updated 6 months ago
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆110Updated last year
• padok-team / cognito-scanner
  A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation
  ☆100Updated 8 months ago
• boringtools / git-alerts
  Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  ☆196Updated last month
• adeptex / whispers
  Identify hardcoded secrets in static structured text (version 2)
  ☆86Updated this week
• latiotech / insecure-kubernetes-deployments
  A full insecure kubernetes application for testing security tools
  ☆54Updated 2 weeks ago
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆75Updated 2 months ago
• DataDog / HASH
  HASH (HTTP Agnostic Software Honeypot)
  ☆128Updated 6 months ago
• Checkmarx / capital
  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec…
  ☆274Updated 7 months ago
• os-scar / overlay
  Overlay is a browser extension helping developers evaluate open source packages before picking them
  ☆221Updated 8 months ago
• DataDog / grimoire
  Generate datasets of cloud audit logs for common attacks
  ☆183Updated 3 months ago
• orcasecurity-research / AIGoat
  AIGoat: A deliberately Vulnerable AI Infrastructure. Learn AI security through solving our challenges.
  ☆78Updated 2 months ago
• step-security / github-actions-goat
  GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
  ☆440Updated last month
• red-kite-solutions / stalker
  Stalker, the Extensible Attack Surface Management tool.
  ☆78Updated this week
• DataDog / undocumented-aws-api-hunter
  A tool to uncover undocumented APIs from the AWS Console.
  ☆80Updated last month
• latiotech / LAST
  Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini
  ☆149Updated 7 months ago