Checkmarx / dustilock
DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.
★37 · Updated 3 years ago
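As an added example (not DustiLock's own code), here is a minimal version of the check a dependency-confusion scanner performs: collect the dependency names a build will resolve from your manifests, then ask which of those names nobody has registered on the public registry, since an unclaimed name is the one an attacker can still register to hijack a resolver that also consults the public index. The package.json, requirements.txt and the two "public registry" sets below are constructed for the demonstration, and the registry lookup is passed in as a callable so the logic runs offline.

```python
"""Dependency-confusion pre-check (added example; not DustiLock's own code).

Collects dependency names from a package.json and a requirements.txt, then
flags the unscoped names that are not registered on the public registry.
A name your build resolves from a private feed, but which nobody has
claimed publicly, is the one an attacker can still register so that a
misconfigured resolver prefers the public copy.  The registry lookup is a
callable so the example runs offline against constructed sets; a real
run would query the npm and PyPI registries instead.
"""
import json
import re
from typing import Callable, Iterable

# Constructed sample manifests for this demonstration.
PACKAGE_JSON = """{
  "name": "acme-frontend",
  "dependencies": {
    "react": "^18.2.0",
    "acme-ui-kit": "1.4.0",
    "@acme/auth": "2.0.1"
  },
  "devDependencies": {"eslint": "^8.0.0", "acme-internal-lint": "0.3.0"}
}"""

REQUIREMENTS_TXT = """\
requests>=2.31            # pinned loosely on purpose
Acme_Billing.Client==3.2.0
-e git+https://example.invalid/acme-tools.git#egg=acme-tools
numpy ; python_version >= "3.9"
--index-url https://pypi.example.invalid/simple
"""

# Constructed stand-ins for "names that exist on the public registry".
PUBLIC_NPM = {"react", "eslint", "@acme/auth"}
PUBLIC_PYPI = {"requests", "numpy"}

NPM_SECTIONS = ("dependencies", "devDependencies",
                "optionalDependencies", "peerDependencies")


def npm_deps(text: str) -> set[str]:
    """All dependency names declared in a package.json document."""
    data = json.loads(text)
    names: set[str] = set()
    for section in NPM_SECTIONS:
        names.update(data.get(section, {}))
    return names


def normalize_pypi(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' or '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


_REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def pypi_deps(text: str) -> set[str]:
    """Normalised project names from a requirements.txt.

    Option lines (-e, -r, --index-url ...) and URL requirements are skipped:
    they name a location, not a registry package.
    """
    names: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-") or "://" in line:
            continue
        match = _REQ_NAME.match(line)
        if match:
            names.add(normalize_pypi(match.group(1)))
    return names


def unclaimed(names: Iterable[str], is_public: Callable[[str], bool]) -> list[str]:
    """Unscoped names absent from the public registry, i.e. still registrable.

    npm scoped names (@scope/pkg) are excluded: publishing into a scope
    requires owning it, so the question there is scope ownership, which
    this check cannot answer.
    """
    return sorted(n for n in names if not n.startswith("@") and not is_public(n))


def report() -> dict[str, list[str]]:
    """Run both manifests through the check against the constructed registries."""
    return {
        "npm": unclaimed(npm_deps(PACKAGE_JSON), PUBLIC_NPM.__contains__),
        "pypi": unclaimed(pypi_deps(REQUIREMENTS_TXT), PUBLIC_PYPI.__contains__),
    }


if __name__ == "__main__":
    for ecosystem, names in report().items():
        for name in names:
            print(f"[{ecosystem}] {name}: not on the public registry, "
                  f"check whether it should be claimed")
```

Two caveats a practitioner should keep in mind: a name that does exist publicly is not automatically safe (it may already be an attacker's package rather than a copy of yours), and the durable fix is on the install side, namely resolving every name from a single trusted index (for pip, one `--index-url` without `--extra-index-url`; for npm, mapping scopes to your own registry) rather than relying on name checks alone.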
Alternatives and similar repositories for dustilock:
Users that are interested in dustilock are comparing it to the libraries listed below
- Fetch the details of assets hosted on AWS. ★86 · Updated last year
- Manager of third-party sources of Semgrep rules ★81 · Updated 8 months ago
- Scans your Github Actions for security issues ★62 · Updated last month
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★102 · Updated last month
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ★153 · Updated 6 months ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ★39 · Updated 3 months ago
- Awesome resources about Security in Kubernetes ★42 · Updated 2 years ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities ★23 · Updated 8 months ago
- The Open Security Summit is focused on the collaboration between Developers and Application Security ★45 · Updated 3 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ★61 · Updated 9 months ago
- ★110 · Updated last year
- An extension to use Semgrep inside Burp Suite. ★88 · Updated last year
- A project to visualize the software supply chain ★43 · Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ★22 · Updated 2 weeks ago
- Semgrep rules corresponding to the OWASP ASVS standard ★27 · Updated 4 years ago
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan. ★166 · Updated last month
- yataf extracts secrets and paths from files or URLs; it's best used against JavaScript files ★52 · Updated 6 months ago
- boostsecurityio/lotp ★116 · Updated 2 weeks ago
- How GitHub Actions workflows can be hacked ★147 · Updated 7 months ago
- swagroutes is a command-line tool that extracts and lists API routes from Swagger files in YAML or JSON format. ★56 · Updated last year
- Protect against subdomain takeover ★93 · Updated 10 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ★91 · Updated last month
- An open-source collection of API key rotation tutorials. ★67 · Updated last week
- A GitHub Action that creates an SBOM from your application so you can meet compliance and security requirements. Add this to your dev, sta… ★25 · Updated last year
- List all public repositories for (valid) GitHub usernames ★71 · Updated last year
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings 🛠️ and collaborate with others ★132 · Updated this week
- InfoSec OpenAI Examples ★19 · Updated last year
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ★49 · Updated 2 months ago
- Mapping from bug bounty and vulnerability disclosure programs to respective GitHub organizations ★58 · Updated this week
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ★138 · Updated 3 years ago