Alternatives and similar repositories for lucha:

Users that are interested in lucha are comparing it to the libraries listed below

• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆76Updated 7 months ago
• xvnpw / sec-docs
  An experimental project using LLM technology to generate security documentation for Open Source Software (OSS) projects
  ☆26Updated last month
• Rezonate-io / github-oidc-checker
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆61Updated last year
• domain-protect / domain-protect-gcp
  Protect against subdomain takeover
  ☆93Updated 10 months ago
• kpolley / slackurity
  Slack bot which promotes Defense in Depth/Zero Trust security practices
  ☆24Updated 2 years ago
• jdyke / gcp-iam-analyzer
  Compares and analyzes GCP IAM roles.
  ☆77Updated 2 weeks ago
• nccgroup / ccs
  ☆110Updated last year
• Vulnetix / vulnetix
  Automate vulnerability triage which prioritizes remediation over discovery
  ☆16Updated this week
• zmallen / cloudtrail2sightings
  Convert cloudtrail data to MITRE ATT&CK Sightings
  ☆79Updated 2 years ago
• xvnpw / ai-security-analyzer
  A powerful tool that leverages AI to automatically generate comprehensive security documentation for your projects
  ☆58Updated 2 weeks ago
• boostsecurityio / lotp
  boostsecurityio/lotp
  ☆116Updated 2 weeks ago
• hashicorp-forge / semgrep-rules
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆39Updated last year
• secmerc / materialize-threats
  ☆63Updated 2 years ago
• Nextdoor / cspm_evaluation_matrix
  Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix
  ☆58Updated last year
• t0sche / cvss-bt
  Enriching the NVD CVSS scores to include Temporal & Threat Metrics
  ☆174Updated this week
• ncc-erik-steringer / Aerides
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Updated 3 years ago
• semgrep-old / rules-owasp-asvs
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆27Updated 4 years ago
• piercing-index / cloud-vulnerabilities
  ☆41Updated last month
• trufflesecurity / WhoAmISlack
  Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.
  ☆40Updated last year
• disruptops / IncidentResponseGenerator
  Updated incident response generator for training classes
  ☆43Updated 3 years ago
• somethingnew2-0 / SimpleCSPM
  GCP CSPM using Google Sheets
  ☆35Updated 9 months ago
• DataDog / workload-security-evaluator
  Tooling to simulate runtime attacks and test default runtime detections from Datadog Cloud Security Management.
  ☆30Updated 5 months ago
• DataDog / supply-chain-firewall
  A tool for preventing the installation of malicious PyPI and npm packages
  ☆130Updated this week
• carta / krang
  Knowledge Report Alert & Normalization Generator
  ☆27Updated last year
• jstawinski / GitHub-Actions-Attack-Diagram
  ☆164Updated 6 months ago
• adanalvarez / TrailDiscover
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆146Updated last month
• mllamazares / vulncov
  🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
  ☆39Updated 3 months ago
• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆73Updated 10 months ago
• xvnpw / ai-threat-modeling-action
  AI featured threat modeling and security review action
  ☆43Updated 4 months ago
• JOSHUAJEBARAJ / GCP-GOAT
  GCP GOAT is the vulnerable application for learn the GCP Security
  ☆64Updated last year