Checkmarx / chainjacking
Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks
★58 · Updated 3 years ago
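The check the description refers to is simple to state: a Go module path such as github.com/owner/repo keeps resolving after the owner renames or deletes their account, and the old name can then be re-registered by anyone, who from that point serves the code behind the import path. The program below is an added illustration of that check, written for this page and not the chainjacking project's own code. It parses a go.mod, keeps only direct (non-indirect) requirements hosted on github.com, and reports those whose owner name is no longer registered. The account lookup is injected; the live implementation uses the public GitHub REST endpoint GET /users/{name}, which answers 200 for a registered user or organisation and 404 otherwise (the 404-means-claimable reading is an assumption discussed in the note after the code).

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"os"
	"regexp"
	"strings"
)

// OwnerStatus is what an account lookup reports about a GitHub user or org name.
type OwnerStatus int

const (
	OwnerExists  OwnerStatus = iota // name registered: import path still resolves to its owner
	OwnerMissing                    // name unregistered: anyone may claim it and serve the path
	OwnerUnknown                    // lookup failed (network, rate limit): report nothing
)

// OwnerLookup answers whether a GitHub account name is currently registered.
// It is injected so the scan runs against the live API or a constructed stub.
type OwnerLookup func(owner string) OwnerStatus

// Module paths hosted on github.com: github.com/<owner>/<repo>[/subdir][/vN].
var githubModule = regexp.MustCompile(`^github\.com/([A-Za-z0-9-]+)/([A-Za-z0-9_.-]+)`)

// DirectRequires returns the module paths of direct requirements in a go.mod.
// It handles single-line "require x vN" and "require ( ... )" blocks and skips
// entries marked "// indirect", which belong to whoever imports them directly.
func DirectRequires(gomod string) []string {
	var mods []string
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "require (" {
			inBlock = true
			continue
		}
		if inBlock && line == ")" {
			inBlock = false
			continue
		}
		var fields []string
		switch {
		case inBlock:
			fields = strings.Fields(line)
		case strings.HasPrefix(line, "require "):
			fields = strings.Fields(strings.TrimPrefix(line, "require "))
		default:
			continue
		}
		if len(fields) < 2 || strings.HasPrefix(fields[0], "//") || strings.Contains(line, "// indirect") {
			continue
		}
		mods = append(mods, fields[0])
	}
	return mods
}

// Finding is a direct dependency whose GitHub owner name is no longer registered.
type Finding struct {
	Module string
	Owner  string
}

// FindRepojackable scans direct GitHub dependencies and reports those whose owner
// account is gone. Owners are lower-cased (GitHub names are case-insensitive) and
// looked up once each, so many modules under one org cost a single lookup.
func FindRepojackable(gomod string, lookup OwnerLookup) []Finding {
	cache := map[string]OwnerStatus{}
	var out []Finding
	for _, mod := range DirectRequires(gomod) {
		m := githubModule.FindStringSubmatch(mod)
		if m == nil {
			continue // not hosted on github.com; out of scope for this check
		}
		owner := strings.ToLower(m[1])
		st, seen := cache[owner]
		if !seen {
			st = lookup(owner)
			cache[owner] = st
		}
		if st == OwnerMissing {
			out = append(out, Finding{Module: mod, Owner: owner})
		}
	}
	return out
}

// GitHubAPILookup implements OwnerLookup against the public REST API.
// Assumption: 200 means registered, 404 means unregistered; anything else
// (rate limit, outage) is OwnerUnknown rather than a guess either way.
func GitHubAPILookup(owner string) OwnerStatus {
	resp, err := http.Get("https://api.github.com/users/" + owner)
	if err != nil {
		return OwnerUnknown
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		return OwnerExists
	case http.StatusNotFound:
		return OwnerMissing
	default:
		return OwnerUnknown
	}
}

func main() {
	path := "go.mod" // or pass a path as the first argument
	if len(os.Args) > 1 {
		path = os.Args[1]
	}
	data, err := os.ReadFile(path)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	for _, f := range FindRepojackable(string(data), GitHubAPILookup) {
		fmt.Printf("REPOJACKABLE: %s (owner %q is unregistered)\n", f.Module, f.Owner)
	}
}
```

Two caveats a practitioner should keep in mind. A 404 from /users says the name is free to register, but GitHub retires the namespace of popular repositories (more than 100 clones in the week before the owner renamed or deleted the account), so some 404s are not actually claimable; this check cannot see that and will over-report in those cases. Unauthenticated API calls are rate-limited to 60 per hour, which is why the lookup returns OwnerUnknown instead of treating a 403 as either outcome.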
Alternatives and similar repositories for chainjacking
Users that are interested in chainjacking are comparing it to the libraries listed below
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ★38 · Updated 3 years ago
- Manager of third-party sources of Semgrep rules ★86 · Updated 10 months ago
- Dependency Combobulator ★93 · Updated last year
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ★120 · Updated this week
- Sharing software supply chain security open source projects ★50 · Updated 2 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ★65 · Updated 11 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ★94 · Updated 3 months ago
- A project to visualize the software supply chain ★52 · Updated last year
- boostsecurityio/lotp ★126 · Updated last month
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries. ★52 · Updated this week
- Documentation of Semgrep: a fast, open-source, static analysis tool. ★41 · Updated this week
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ★21 · Updated 2 months ago
- Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git ★92 · Updated this week
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ★139 · Updated 3 years ago
- Reference architecture and proof of concept implementation for supply chain security gateway ★23 · Updated 2 years ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, … ★135 · Updated last year
- Security scanning & static analysis tool ★94 · Updated 7 months ago
- Clean accounts over permissions in GCP infra at scale ★71 · Updated 2 years ago
- Blogpost series showcasing interesting cloud - web app security bugs ★49 · Updated last year
- (no description) ★111 · Updated last year
- WAF bypass PoC ★48 · Updated last year
- Feed parsing for language package manager updates ★80 · Updated 6 months ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ★133 · Updated 2 months ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities ★23 · Updated last month
- CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and securit… ★53 · Updated 3 months ago
- Discover vulnerabilities and container image misconfiguration in production environments. ★56 · Updated last week
- (no description) ★68 · Updated 4 months ago
- A Golang library for interacting with the EPSS (Exploit Prediction Scoring System). ★28 · Updated 3 months ago
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use… ★71 · Updated 2 years ago
- The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebas… ★144 · Updated last year