Checkmarx / chainjacking
Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks
☆ 58 · Updated 2 years ago
Alternatives and similar repositories for chainjacking:
Users that are interested in chainjacking are comparing it to the libraries listed below
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆ 111 · Updated 3 weeks ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others. ☆ 132 · Updated this week
- Dependency Combobulator ☆ 93 · Updated last year
- Manager of third-party sources of Semgrep rules ☆ 80 · Updated 8 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆ 91 · Updated last month
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆ 37 · Updated 3 years ago
- boostsecurityio/lotp ☆ 115 · Updated last week
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆ 61 · Updated 8 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆ 22 · Updated 2 weeks ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ☆ 138 · Updated 3 years ago
- A project to visualize the software supply chain ☆ 40 · Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, … ☆ 132 · Updated last year
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities ☆ 23 · Updated 8 months ago
- Discover vulnerabilities and container image misconfiguration in production environments. ☆ 55 · Updated 3 weeks ago
- Sharing software supply chain security open source projects ☆ 46 · Updated 2 years ago
- truffleproc: hunt secrets in process memory (TruffleHog & gdb mashup) ☆ 114 · Updated last year
- Mitigate security concerns of Dependency Confusion supply chain security risks ☆ 46 · Updated 2 years ago
- Security scanning & static analysis tool ☆ 94 · Updated 5 months ago
- Assorted tools for security-related tasks for git repositories ☆ 59 · Updated 2 years ago
- CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and securit… ☆ 51 · Updated last month
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆ 170 · Updated 4 months ago
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification. ☆ 72 · Updated last year
- WAF bypass PoC ☆ 46 · Updated last year
- Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆ 39 · Updated 3 months ago
- FastCVE: fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆ 49 · Updated 2 months ago
- A tool for preventing the installation of malicious PyPI and npm packages ☆ 129 · Updated this week
- A small tool to help developers understand a huge set of security requirements from appsec teams ☆ 45 · Updated 2 years ago