PortSwigger / ci-driven-scan-github-actionLinks
A github action that allows you to run a vulnerability scan.
☆13Updated last year
Alternatives and similar repositories for ci-driven-scan-github-action
Users that are interested in ci-driven-scan-github-action are comparing it to the libraries listed below
Sorting:
- Scans your Github Actions for security issues☆77Updated last week
- boostsecurityio/lotp☆128Updated 3 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆61Updated 2 years ago
- An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒☆229Updated 2 years ago
- Mitigate security concerns of Dependency Confusion supply chain security risks☆48Updated 2 weeks ago
- An open-source collection of API key rotation tutorials.☆70Updated 3 weeks ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.☆38Updated 3 years ago
- ☆34Updated 2 months ago
- Holds the public Hacking the Cloud CTFs.☆56Updated last year
- Curated list of security tools☆66Updated last year
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆119Updated last year
- 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️☆219Updated 2 years ago
- S3 Account Search☆10Updated 9 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆142Updated 6 months ago
- How GitHub Actions workflows can be hacked☆162Updated 10 months ago
- Venom tests suite to validate an HTTP security response headers configuration against OSHP recommendation.☆126Updated this week
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆107Updated last year
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆39Updated 7 months ago
- Obtain GraphQL API Schema even if the introspection is not enabled☆11Updated 2 years ago
- Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git☆94Updated last week
- Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.☆275Updated 9 months ago
- ☆111Updated 2 years ago
- A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration☆328Updated 3 weeks ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆133Updated 3 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆156Updated 10 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆293Updated 5 months ago
- This application was built to help reduce the amount of time it takes to review AWS Lambda code.☆60Updated 8 months ago
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan.☆172Updated 5 months ago
- Checks all maintainers of all NPM and Pypi packages for hijackable packages through domain re-registration☆296Updated this week
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆110Updated last week