Checkmarx / chainjackingLinks
Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks
☆60Updated 3 years ago
Alternatives and similar repositories for chainjacking
Users that are interested in chainjacking are comparing it to the libraries listed below
Sorting:
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…☆128Updated 2 months ago
- ☆114Updated 2 years ago
- Manager of third-party sources of Semgrep rules 🗂☆90Updated last year
- Dependency Combobulator☆93Updated last year
- Focused malicious code detection ruleset, with a high protection-to-noise ratio☆127Updated 8 months ago
- A project to visualize the software supply chain☆54Updated 2 years ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆138Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆138Updated last year
- Sharing software supply chain security open source projects☆52Updated 2 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)☆32Updated 6 months ago
- boostsecurityio/lotp☆136Updated last week
- A comprehensive list of software composition analysis tools.☆157Updated 2 weeks ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆67Updated 4 months ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider☆139Updated 4 years ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.☆40Updated 3 years ago
- 🔍A cutting edge context aware GraphQL API fuzzing tool!☆153Updated 2 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆96Updated 8 months ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆41Updated 10 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆106Updated 9 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆156Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Updated 7 months ago
- Discover vulnerabilities and container image misconfiguration in production environments.☆56Updated last month
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries.☆56Updated 5 months ago
- ☆10Updated 3 years ago
- Nuclei plugins to audit Chrome extensions☆65Updated last year
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆120Updated 2 years ago
- Scans your Github Actions for security issues☆86Updated last week
- ☆93Updated 9 months ago
- Documentation of Semgrep: a fast, open-source, static analysis tool.☆44Updated this week
- Demonstrates how a malicious dependency could negatively impact the build output.☆24Updated 2 years ago