Alternatives and similar repositories for tartufo

Users that are interested in tartufo are comparing it to the libraries listed below

• owasp-noir / noir
  Attack surface detector that identifies endpoints by static analysis
  ☆697Updated last week
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆267Updated last week
• Ostorlab / oxo
  OXO is a security scanning orchestrator for the modern age.
  ☆551Updated last week
• cado-security / cloudgrep
  cloudgrep is grep for cloud storage
  ☆327Updated 2 months ago
• rfc-st / humble
  A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
  ☆312Updated last week
• boringtools / git-alerts
  Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  ☆218Updated last month
• Escape-Technologies / awesome-graphql-security
  A curated list of awesome GraphQL Security frameworks, libraries, software and resources
  ☆333Updated last year
• dolevf / graphql-cop
  Security Auditor Utility for GraphQL APIs
  ☆456Updated 2 months ago
• CycodeLabs / raven
  CI/CD Security Analyzer
  ☆657Updated 2 months ago
• chebuya / sastsweep
  tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such …
  ☆226Updated 3 months ago
• synacktiv / nord-stream
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆278Updated 3 months ago
• klarna-incubator / gram
  Gram is Klarna's own threat model diagramming tool
  ☆320Updated 2 weeks ago
• domain-protect / domain-protect
  OWASP Domain Protect - prevent subdomain takeover
  ☆397Updated 4 months ago
• avito-tech / deepsecrets
  Secrets scanner that understands code
  ☆189Updated last year
• TupleType / awesome-cicd-attacks
  Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
  ☆515Updated 2 months ago
• anirudhbiyani / findmytakeover
  find dangling domains in a multi cloud environment
  ☆142Updated this week
• punk-security / secret-magpie
  Secret Magpie - Secret Detection Tool
  ☆226Updated 10 months ago
• assetnote / ghostbuster
  Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
  ☆271Updated 7 months ago
• padok-team / yatas
  A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
  ☆319Updated this week
• x1trap / websec-answers
  Websec interview questions by tib3rius answered
  ☆308Updated last year
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆118Updated last year
• praetorian-inc / gato
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆639Updated last month
• hotnops / apeman
  AWS Attack Path Management Tool - Walking on the Moon
  ☆249Updated 5 months ago
• cybrota / whispr
  A multi-vault secret injection tool for safely injecting secrets into app environment
  ☆124Updated 3 weeks ago
• jstawinski / GitHub-Actions-Attack-Diagram
  ☆182Updated last month
• Eilonh / s3crets_scanner
  ☆568Updated 2 years ago
• Addepar / RedFlag
  RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and…
  ☆149Updated 5 months ago
• badkeys / badkeys
  Tool to find common vulnerabilities in cryptographic public keys
  ☆282Updated 3 weeks ago
• redhuntlabs / BucketLoot
  BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…
  ☆411Updated 3 months ago
• Legit-Labs / legitify
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆803Updated last month