Checkmarx / chainalert-github-action
scans popular packages and alerts in cases there is suspicion of an account takeover
☆41Updated 3 years ago
Alternatives and similar repositories for chainalert-github-action
Users that are interested in chainalert-github-action are comparing it to the libraries listed below
Sorting:
- Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git☆91Updated this week
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks☆58Updated 2 years ago
- This project is deprecated. Use https://github.com/returntocorp/semgrep instead☆73Updated last year
- Mitigate security concerns of Dependency Confusion supply chain security risks☆46Updated 2 years ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.☆37Updated 3 years ago
- Generate a score for your sbom to understand if it will actually be useful.☆229Updated 9 months ago
- Runtime Security Solution for your CI/CD Pipeline☆102Updated last month
- A tool to check the security settings of Github Organizations.☆71Updated last year
- Scans your Github Actions for security issues☆70Updated last week
- Feed parsing for language package manager updates☆79Updated 5 months ago
- creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects☆127Updated this week
- boostsecurityio/poutine☆267Updated last week
- Scans every git push to your Github organisations to find unwanted secrets.☆87Updated 2 weeks ago
- GitHub action to generate a CycloneDX SBOM for Node.js☆21Updated 4 months ago
- ☆105Updated 3 weeks ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆94Updated 3 months ago
- GitHub Advanced Security Policy as Code☆82Updated 3 weeks ago
- Dependency Combobulator☆93Updated last year
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆120Updated 4 months ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆39Updated 5 months ago
- A tool for preventing the installation of malicious PyPI and npm packages☆144Updated this week
- ☆64Updated 3 months ago
- ⚡️Snyk API powered import tool to help you automate & monitor a large scale import into Snyk organizations. Designed for onboarding with …☆40Updated last month
- Focused malicious code detection ruleset, with a high protection-to-noise ratio☆118Updated 2 months ago
- This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided h…☆11Updated last year
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆155Updated 8 months ago
- 🖇️ STRIDE vs. ASVS equivalence table☆76Updated 8 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆309Updated this week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆172Updated 5 months ago
- Count distinct contributor of Snyk watched repos across several SCM☆32Updated 10 months ago