Alternatives and similar repositories for tartufo

Users that are interested in tartufo are comparing it to the libraries listed below

• boringtools / git-alerts
  Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  ☆228Updated last month
• CycodeLabs / raven
  CI/CD Security Analyzer
  ☆728Updated 10 months ago
• chebuya / sastsweep
  tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such …
  ☆235Updated 11 months ago
• klarna-incubator / gram
  Gram is Klarna's own threat model diagramming tool
  ☆330Updated 2 weeks ago
• avito-tech / deepsecrets
  Secrets scanner that understands code
  ☆191Updated 2 years ago
• newrelic / rusty-hog
  A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in…
  ☆535Updated 6 months ago
• rfc-st / humble
  A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
  ☆348Updated this week
• cerberauth / vulnapi
  API Security Vulnerability Scanner designed to help you secure your APIs.
  ☆229Updated last week
• n0mi1k / subby
  An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.
  ☆173Updated last year
• elementsinteractive / twyn
  Security tool against dependency typosquatting attacks
  ☆54Updated this week
• Ostorlab / oxo
  OXO is a security scanning orchestrator for the modern age.
  ☆559Updated last week
• synacktiv / nord-stream
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆315Updated 2 months ago
• cado-security / cloudgrep
  cloudgrep is grep for cloud storage
  ☆327Updated 10 months ago
• apiiro / PRevent
  Prevent merging of malicious code in pull requests
  ☆253Updated 9 months ago
• Checkmarx / capital
  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec…
  ☆315Updated 4 months ago
• 0xdevrel / EasyScan
  Light-weight web security scanner
  ☆149Updated last month
• trufflesecurity / how-to-rotate
  An open-source collection of API key rotation tutorials.
  ☆76Updated 4 months ago
• kudelskisecurity / youshallnotpass
  YouShallNotPass brings an added level of execution security to mission-critical CI/CD Systems.
  ☆37Updated 2 years ago
• Mixeway / Flow
  Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams
  ☆78Updated 3 weeks ago
• trufflesecurity / force-push-scanner
  Scan for secrets in dangling commits on GitHub using GH Archive data.
  ☆415Updated 6 months ago
• praetorian-inc / gato
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆724Updated 3 months ago
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆120Updated 2 years ago
• Addepar / RedFlag
  RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and…
  ☆158Updated last year
• ManuelBerrueta / FlowAnalyzer
  FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
  ☆180Updated last year
• tldrsec / awesome-secure-defaults
  Awesome secure by default libraries to help you eliminate bug classes!
  ☆700Updated last month
• padok-team / yatas
  A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
  ☆335Updated 3 weeks ago
• cybrota / whispr
  A multi-vault secret injection tool for safely injecting secrets into app environment
  ☆131Updated last week
• adeptex / whispers
  Identify hardcoded secrets in static structured text (version 2)
  ☆96Updated 11 months ago
• Aqua-Nautilus / CVE-Half-Day-Watcher
  ☆314Updated 5 months ago
• fkkarakurt / reconic
  A Powerful Network Reconnaissance Tool for Security Professionals
  ☆106Updated last year