blst-security / cherrybomb
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
☆1,188 Updated 7 months ago
Alternatives and similar repositories for cherrybomb
Users who are interested in cherrybomb are comparing it to the libraries listed below.
- Metlo is an open-source API security platform. ☆1,647 Updated 2 weeks ago
- Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history. ☆1,947 Updated 3 weeks ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆809 Updated 2 months ago
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆863 Updated this week
- Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free! ☆559 Updated last year
- Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. ☆2,302 Updated 2 weeks ago
- A tool for securing CI/CD workflows with version pinning. ☆832 Updated 3 weeks ago
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an… ☆832 Updated this week
- A command-line tool to prevent committing secret keys into your source code ☆845 Updated last week
- Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom te… ☆1,316 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆842 Updated last year
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆703 Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆570 Updated 2 months ago
- Vulnerable app with examples showing how to not use secrets ☆1,319 Updated this week
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,117 Updated last week
- Connect your local process and your cloud environment, and run local code in cloud conditions. ☆4,147 Updated this week
- CI/CD Security Analyzer ☆659 Updated 3 months ago
- An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API securit… ☆538 Updated 7 months ago
- Secure shell history commands by finding sensitive data ☆223 Updated 2 years ago
- The Declarative Data Generator ☆1,416 Updated 8 months ago
- A repo to automatically generate and keep updated a series of Docker images through GitHub Actions. ☆551 Updated this week
- Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required. ☆7,341 Updated last week
- RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security… ☆2,736 Updated last month
- Automating situational awareness for cloud penetration tests. ☆2,123 Updated 2 months ago
- Attack surface detector that identifies endpoints by static analysis ☆702 Updated last week
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,163 Updated this week
- Specification for Platform Agnostic SEcurity TOkens (PASETO) ☆241 Updated 8 months ago
- A curated list of awesome GraphQL Security frameworks, libraries, software and resources ☆335 Updated last year
- Sidekick is no longer in service ☆1,617 Updated last year
- Fuzz test your application using your OpenAPI or Swagger API definition without coding ☆447 Updated 3 months ago