Checkmarx / chainjackingLinks
Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks
☆58Updated 3 years ago
Alternatives and similar repositories for chainjacking
Users that are interested in chainjacking are comparing it to the libraries listed below
Sorting:
- Sharing software supply chain security open source projects☆50Updated 2 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆65Updated this week
- Dependency Combobulator☆93Updated last year
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…☆120Updated last week
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆96Updated 4 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆133Updated 2 months ago
- ☆111Updated 2 years ago
- boostsecurityio/lotp☆126Updated 2 months ago
- Manager of third-party sources of Semgrep rules 🗂☆87Updated 11 months ago
- A project to visualize the software supply chain☆51Updated last year
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.☆38Updated 3 years ago
- WAF bypass PoC☆48Updated last year
- Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code securi…☆77Updated 10 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆135Updated last year
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆39Updated 6 months ago
- A comprehensive list of software composition analysis tools.☆149Updated last year
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries.☆52Updated 3 weeks ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Updated 3 months ago
- Protect against subdomain takeover☆92Updated last year
- A Golang library for interacting with the EPSS (Exploit Prediction Scoring System).☆28Updated 4 months ago
- ☆71Updated 5 months ago
- Security scanning & static analysis tool☆94Updated 8 months ago
- Documentation of Semgrep: a fast, open-source, static analysis tool.☆41Updated last week
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider☆139Updated 3 years ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆172Updated 7 months ago
- ☆179Updated 2 months ago
- atom is a novel intermediate representation for applications and a standalone tool that is powered by chen.☆68Updated 2 weeks ago
- Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git☆94Updated last week
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆105Updated 4 months ago
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆81Updated last year