Alternatives and similar repositories for tartufo:

Users that are interested in tartufo are comparing it to the libraries listed below

• CycodeLabs / raven
  CI/CD Security Analyzer
  ☆642Updated 3 months ago
• dolevf / graphql-cop
  Security Auditor Utility for GraphQL APIs
  ☆404Updated this week
• chebuya / sastsweep
  Automatically detect potential vulnerabilities and analyze repository metrics to prioritize open source security research targets
  ☆204Updated 2 months ago
• rfc-st / humble
  A humble, and 𝗳𝗮𝘀𝘁, security-oriented HTTP headers analyzer.
  ☆298Updated this week
• boostsecurityio / poutine
  boostsecurityio/poutine
  ☆243Updated last week
• klarna-incubator / gram
  Gram is Klarna's own threat model diagramming tool
  ☆292Updated this week
• tldrsec / awesome-secure-defaults
  Awesome secure by default libraries to help you eliminate bug classes!
  ☆674Updated 2 months ago
• boringtools / git-alerts
  Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
  ☆214Updated 3 weeks ago
• synacktiv / nord-stream
  Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …
  ☆266Updated last month
• assetnote / ghostbuster
  Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts.
  ☆267Updated 4 months ago
• owasp-noir / noir
  Attack surface detector that identifies endpoints by static analysis
  ☆640Updated this week
• trufflesecurity / driftwood
  Private key usage verification
  ☆419Updated last month
• Escape-Technologies / awesome-graphql-security
  A curated list of awesome GraphQL Security frameworks, libraries, software and resources
  ☆309Updated 11 months ago
• ghostsecurity / reaper
  💀 Don't fear the Reaper 👻
  ☆440Updated 3 weeks ago
• domain-protect / domain-protect
  OWASP Domain Protect - prevent subdomain takeover
  ☆401Updated 3 weeks ago
• n0mi1k / subby
  An uber fast and simple subdomain enumeration tool using DNS and web requests with support for detecting wildcard DNS records.
  ☆171Updated 8 months ago
• praetorian-inc / gato
  GitHub Actions Pipeline Enumeration and Attack Tool
  ☆579Updated 5 months ago
• controlplaneio / truffleproc
  truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)
  ☆113Updated last year
• cado-security / cloudgrep
  cloudgrep is grep for cloud storage
  ☆321Updated last month
• redhuntlabs / BucketLoot
  BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c…
  ☆392Updated 5 months ago
• Addepar / RedFlag
  RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and…
  ☆144Updated last month
• avito-tech / deepsecrets
  Secrets scanner that understands code
  ☆188Updated last year
• BishopFox / sj
  A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
  ☆572Updated 2 months ago
• anirudhbiyani / findmytakeover
  find dangling domains in a multi cloud environment
  ☆136Updated 2 weeks ago
• jstawinski / GitHub-Actions-Attack-Diagram
  ☆161Updated 4 months ago
• Checkmarx / capital
  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec…
  ☆280Updated 9 months ago
• edera-dev / am-i-isolated
  Validate the isolation posture of your container environment.
  ☆228Updated this week
• trufflesecurity / how-to-rotate
  An open-source collection of API key rotation tutorials.
  ☆63Updated last month
• Aqua-Nautilus / CVE-Half-Day-Watcher
  ☆294Updated 5 months ago
• ManuelBerrueta / FlowAnalyzer
  FlowAnalyzer is a tool to help in testing and analyzing OAuth 2.0 Flows, including OpenID Connect (OIDC).
  ☆179Updated 6 months ago