crashappsec / chalk
Chalk allows you to follow code from development, through builds and into production.
☆348 · Updated this week
Related projects:
- A security layer for Git repositories · ☆447 · Updated this week
- CI/CD Security Analyzer · ☆610 · Updated 3 weeks ago
- Lambda function that streamlines containment of an AWS account compromise · ☆316 · Updated 9 months ago
- Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini · ☆143 · Updated 6 months ago
- RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and… · ☆137 · Updated last month
- Evaluate source control (GitHub) security posture · ☆248 · Updated last year
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments. · ☆264 · Updated 2 weeks ago
- A universal SBOM representation in protocol buffers · ☆247 · Updated this week
- A list of cloud security tools and vendors. · ☆124 · Updated 2 weeks ago
- Documenting your Threat Models with HCL · ☆397 · Updated 2 weeks ago
- A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs · ☆342 · Updated last week
- detect malicious program behaviors · ☆404 · Updated this week
- boostsecurityio/poutine · ☆202 · Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities · ☆494 · Updated this week
- A curated list of resources about detecting threats and defending Kubernetes systems. · ☆355 · Updated last year
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets · ☆759 · Updated last week
- ☆234 · Updated 4 months ago
- Gram is Klarna's own threat model diagramming tool · ☆267 · Updated last week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. · ☆165 · Updated 7 months ago
- Cloud Commotion intends to cause chaos to simulate security incidents · ☆122 · Updated 3 months ago
- Generate a score for your SBOM to understand if it will actually be useful. · ☆219 · Updated last month
- A Software as a Service (SaaS) log collection framework. · ☆130 · Updated 3 weeks ago
- cloudgrep is grep for cloud storage · ☆314 · Updated last month
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… · ☆403 · Updated this week
- ☆344 · Updated 5 months ago
- Generate datasets of cloud audit logs for common attacks · ☆158 · Updated last month
- CLI that scans directories for Cloud Provider SDK usage and generates the IAM Policies/Permissions needed · ☆72 · Updated 3 months ago
- A tool to check the security settings of GitHub Organizations. · ☆68 · Updated last year
- Software Supply Chain Security Platform · ☆246 · Updated this week
- Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build … · ☆251 · Updated this week