Alternatives and similar repositories for GHAST

Users that are interested in GHAST are comparing it to the libraries listed below

• tstromberg / supplychain-attack-data
  Data about all known supply-chain attacks through history
  ☆63Updated 8 months ago
• wspr-ncsu / github-actions-security-analysis
  ☆11Updated 2 years ago
• nccgroup / RFC-Security-Research
  Paper, data and code from Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding In…
  ☆19Updated 5 years ago
• AdnaneKhan / ActionsCacheBlasting
  Proof-of-concept code for research into GitHub Actions Cache poisoning.
  ☆21Updated 11 months ago
• purs3lab / Argus
  ☆52Updated last year
• ossf / security-reviews
  A community collection of security reviews of open source software components.
  ☆96Updated last year
• apiiro / combobulator
  Dependency Combobulator
  ☆95Updated 2 years ago
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆42Updated 2 years ago
• antitree / go-pillage-registries
  Pentester-focused Docker registry tool to enumerate and pull images
  ☆36Updated 3 months ago
• iosifache / semgrep-rules-manager
  Manager of 14 third-party sources comprising approximately 4,000 Semgrep rules 🗂
  ☆98Updated last month
• AdnaneKhan / ActionsTOCTOU
  Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)
  ☆35Updated 2 weeks ago
• nccgroup / cowcloud
  ☆60Updated 2 years ago
• omar2535 / GraphQLer
  🔍A cutting edge context aware GraphQL API fuzzing tool!
  ☆156Updated last week
• nccgroup / insject
  insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.
  ☆50Updated 4 years ago
• wiz-sec-public / peach-framework
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆74Updated 3 years ago
• 5stars217 / malicious_models
  using ML models for red teaming
  ☆45Updated 2 years ago
• pbom-dev / OSCAR
  A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain
  ☆97Updated last year
• chainguard-sandbox / bom-shelter
  A place to systematically store software bill of materials (SBOM) documents.
  ☆50Updated 2 years ago
• JosephTLucas / lintML
  A security-first linter for code that shouldn't need linting
  ☆17Updated 2 years ago
• doyensec / oidc-ssrf
  An Evil OIDC Server
  ☆54Updated 3 years ago
• SAP / risk-explorer-for-software-supply-chains
  A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and o…
  ☆79Updated this week
• nccgroup / ccs
  ☆114Updated 2 years ago
• stacscan / stacs
  Static Token And Credential Scanner
  ☆95Updated 2 years ago
• abhisek / supply-chain-security-gateway
  Reference architecture and proof of concept implementation for supply chain security gateway
  ☆23Updated 2 years ago
• vishalgarg-sec / Software-Supply-Chain-Security
  A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…
  ☆141Updated 2 years ago
• semgrep / semgrep-docs
  Documentation of Semgrep: a fast, open-source, static analysis tool.
  ☆48Updated this week
• messypoutine / gravy-overflow
  A GitHub Actions Supply Chain CTF / Goat
  ☆27Updated last month
• ghostsecurityarchive / waf-btk
  WAF bypass PoC
  ☆50Updated 2 years ago
• RefactorSecurity / vscode-security-notes
  Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝
  ☆142Updated 3 months ago
• AnubisSec / GroovyWaiter
  ☆17Updated 3 years ago