Checkmarx / 2ms
Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
☆79 Updated last week
Related projects
Alternatives and complementary repositories for 2ms
- ☆151 Updated 2 months ago
- boostsecurityio/lotp ☆100 Updated 7 months ago
- Octoscan is a static vulnerability scanner for GitHub action workflows. ☆166 Updated this week
- boostsecurityio/poutine ☆229 Updated last week
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆129 Updated last year
- Gram is Klarna's own threat model diagramming tool ☆280 Updated 2 weeks ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆251 Updated 3 weeks ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ☆150 Updated 2 months ago
- ☆110 Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆125 Updated 9 months ago
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ☆79 Updated last week
- Protect against subdomain takeover ☆92 Updated 5 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆169 Updated 9 months ago
- The security workflow engine! ☆73 Updated this week
- A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures). ☆67 Updated 6 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆110 Updated last year
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation ☆100 Updated 8 months ago
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆196 Updated last month
- Identify hardcoded secrets in static structured text (version 2) ☆86 Updated this week
- A full insecure kubernetes application for testing security tools ☆54 Updated 2 weeks ago
- 🖇️ STRIDE vs. ASVS equivalence table ☆75 Updated 2 months ago
- HASH (HTTP Agnostic Software Honeypot) ☆128 Updated 6 months ago
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec… ☆274 Updated 7 months ago
- Overlay is a browser extension helping developers evaluate open source packages before picking them ☆221 Updated 8 months ago
- Generate datasets of cloud audit logs for common attacks ☆183 Updated 3 months ago
- AIGoat: A deliberately Vulnerable AI Infrastructure. Learn AI security through solving our challenges. ☆78 Updated 2 months ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment ☆440 Updated last month
- Stalker, the Extensible Attack Surface Management tool. ☆78 Updated this week
- A tool to uncover undocumented APIs from the AWS Console. ☆80 Updated last month
- Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini ☆149 Updated 7 months ago