SecureStackCo / visualizing-software-supply-chain
A project to visualize the software supply chain
★36 · Updated last year
Related projects
Alternatives and complementary repositories for visualizing-software-supply-chain
- STRIDE vs. ASVS equivalence table ★75 · Updated 3 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ★55 · Updated 4 months ago
- A full insecure Kubernetes application for testing security tools ★54 · Updated this week
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure ★46 · Updated 10 months ago
- StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different so… ★48 · Updated this week
- Holds the public Hacking the Cloud CTFs. ★50 · Updated 8 months ago
- boostsecurityio/lotp ★102 · Updated 7 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments ★110 · Updated 2 months ago
- ★110 · Updated last year
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★98 · Updated 9 months ago
- ★153 · Updated 2 months ago
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use… ★65 · Updated last year
- Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix ★59 · Updated last year
- Maturity Model Collaborative project ★14 · Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ★126 · Updated 9 months ago
- This application was built to help reduce the amount of time it takes to review AWS Lambda code. ★60 · Updated last week
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ★86 · Updated 9 months ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ★131 · Updated last year
- Clean accounts over permissions in GCP infra at scale ★71 · Updated last year
- Protect against subdomain takeover ★92 · Updated 6 months ago
- A tool to uncover undocumented APIs from the AWS Console. ★83 · Updated this week
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider ★138 · Updated 3 years ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ★33 · Updated last month
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w… ★89 · Updated last week
- Documentation of Semgrep: a fast, open-source, static analysis tool. ★37 · Updated this week
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container ★103 · Updated 5 years ago
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ★79 · Updated this week
- An AWS IAM policy statement parser and query tool. ★157 · Updated 9 months ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. ★59 · Updated 8 months ago