Alternatives and similar repositories for tartufo

Users that are interested in tartufo are comparing it to the libraries listed below

• CycodeLabs / raven
  CI/CD Security Analyzer
  ☆728Updated 11 months ago
• klarna-incubator / gram
  Gram is Klarna's own threat model diagramming tool
  ☆329Updated this week
• chebuya / sastsweep
  tool designed for identifying vulnerabilities in open source codebases at scale. It can gather and filter on key repository metrics such …
  ☆234Updated 11 months ago
• boringtools / git-alerts
  Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  ☆228Updated last week
• cado-security / cloudgrep
  cloudgrep is grep for cloud storage
  ☆326Updated 11 months ago
• rfc-st / humble
  A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
  ☆350Updated this week
• newrelic / rusty-hog
  A suite of secret scanners built in Rust for performance. Based on TruffleHog (https://github.com/dxa4481/truffleHog) which is written in…
  ☆540Updated 7 months ago
• avito-tech / deepsecrets
  Secrets scanner that understands code
  ☆192Updated 2 years ago
• Ostorlab / oxo
  OXO is a security scanning orchestrator for the modern age.
  ☆561Updated last week
• Checkmarx / capital
  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec…
  ☆319Updated 5 months ago
• praetorian-inc / gato
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆722Updated 4 months ago
• cerberauth / vulnapi
  API Security Vulnerability Scanner designed to help you secure your APIs.
  ☆233Updated this week
• tldrsec / awesome-secure-defaults
  Awesome secure by default libraries to help you eliminate bug classes!
  ☆700Updated last month
• ManuelBerrueta / FlowAnalyzer
  FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
  ☆180Updated last year
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆120Updated 2 years ago
• n0mi1k / subby
  An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.
  ☆172Updated last year
• synacktiv / nord-stream
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆312Updated 3 months ago
• Legit-Labs / legitify
  Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
  ☆827Updated 10 months ago
• 0xdevrel / EasyScan
  Light-weight web security scanner
  ☆150Updated 2 months ago
• elementsinteractive / twyn
  Security tool against dependency typosquatting attacks
  ☆54Updated this week
• dark-warlord14 / CVENotifier
  Customized CVE FEED Notifier
  ☆114Updated 9 months ago
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆354Updated 2 weeks ago
• AdnaneKhan / gato-x
  GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
  ☆475Updated 3 weeks ago
• apiiro / PRevent
  Prevent merging of malicious code in pull requests
  ☆253Updated 3 weeks ago
• TupleType / awesome-cicd-attacks
  Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
  ☆566Updated 2 months ago
• punk-security / secret-magpie
  Secret Magpie - Secret Detection Tool
  ☆246Updated last year
• owenrumney / squealer
  Telling tales on you for leaking secrets!
  ☆232Updated last week
• anirudhbiyani / findmytakeover
  find dangling domains in a multi cloud environment
  ☆175Updated last month
• cybrota / whispr
  A multi-vault secret injection tool for safely injecting secrets into app environment
  ☆132Updated last month
• kudelskisecurity / youshallnotpass
  YouShallNotPass brings an added level of execution security to mission-critical CI/CD Systems.
  ☆37Updated 2 years ago