Checkmarx / chainjacking
Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks
β58Updated 2 years ago
Alternatives and similar repositories for chainjacking:
Users that are interested in chainjacking are comparing it to the libraries listed below
- A project to visualize the software supply chainβ45Updated last year
- Dependency Combobulatorβ93Updated last year
- Manager of third-party sources of Semgrep rules πβ81Updated 9 months ago
- Create notes during a security code review in VSCode π Import your favorite SAST tool findings π οΈ and collaborate with others π€β133Updated 3 weeks ago
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and versβ¦β114Updated last week
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.β37Updated 3 years ago
- boostsecurityio/lotpβ123Updated last week
- β110Updated last year
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. β¦β62Updated 9 months ago
- Discover vulnerabilities and container image misconfiguration in production environments.β55Updated last month
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC)β49Updated last week
- Proof-of-concept code for research into GitHub Actions Cache poisoning.β22Updated last month
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)β23Updated 9 months ago
- π§ͺ Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.β39Updated 4 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chainβ92Updated 2 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagramsβ104Updated 2 months ago
- Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and gitβ91Updated this week
- Sharing software supply chain security open source projectsβ49Updated 2 years ago
- Reference architecture and proof of concept implementation for supply chain security gatewayβ23Updated 2 years ago
- Maturity Model Collaborative projectβ15Updated 2 years ago
- Security scanning & static analysis toolβ94Updated 6 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)β93Updated last week
- A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).β28Updated 2 months ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raiderβ139Updated 3 years ago
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by useβ¦β70Updated 2 years ago
- Scans your Github Actions for security issuesβ64Updated 2 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflowsβ95Updated 2 weeks ago
- β10Updated 2 years ago
- WAF bypass PoCβ47Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accountsβ61Updated last year