apiiro / malicious-code-ruleset
Focused malicious code detection ruleset, with a high protection-to-noise ratio
☆129 Updated 9 months ago
Alternatives and similar repositories for malicious-code-ruleset
Users that are interested in malicious-code-ruleset are comparing it to the libraries listed below
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆41 Updated 11 months ago
- boostsecurityio/lotp ☆138 Updated last month
- A security tool that detects malicious packages from external vulnerability feeds and searches for them in your package registries or art… ☆69 Updated last week
- ☆114 Updated 2 years ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ☆136 Updated last year
- Semgrep-based Policy Controller for Kubernetes ☆47 Updated 8 months ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ☆140 Updated last month
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆227 Updated 2 weeks ago
- Gram is Klarna's own threat model diagramming tool ☆328 Updated this week
- A powerful tool that leverages AI to automatically generate comprehensive security documentation for your projects ☆98 Updated last month
- Enriching the NVD CVSS scores to include Temporal & Threat Metrics ☆212 Updated this week
- Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs ☆73 Updated last year
- An experimental project using LLM technology to generate security documentation for Open Source Software (OSS) projects ☆34 Updated 9 months ago
- Data about all known supply-chain attacks through history ☆62 Updated 6 months ago
- Build a CVE library with aggregated CISA, EPSS and CVSS data ☆29 Updated 2 years ago
- A comprehensive security scanner for Model Context Protocol (MCP) servers that detects vulnerabilities and security issues in your MCP se… ☆110 Updated this week
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆106 Updated 10 months ago
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ☆121 Updated 2 years ago
- A project to visualize the software supply chain ☆55 Updated 2 years ago
- ☆193 Updated 7 months ago
- Manager of third-party sources of Semgrep rules ☆90 Updated last year
- Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages ☆206 Updated this week
- SecureMCP is a security auditing tool designed to detect vulnerabilities and misconfigurations in applications using the [Model Context P… ☆132 Updated 5 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆42 Updated last year
- A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures). ☆81 Updated last year
- Nuclei plugins to audit Chrome extensions ☆65 Updated last year
- Pentester-focused Docker registry tool to enumerate and pull images ☆37 Updated last month
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆67 Updated 5 months ago
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently … ☆313 Updated last month
- HASH (HTTP Agnostic Software Honeypot) ☆141 Updated last year