jeremylong / malicious-dependencies
Demonstrates how a malicious dependency could negatively impact the build output.
โ25Updated last year
Alternatives and similar repositories for malicious-dependencies:
Users that are interested in malicious-dependencies are comparing it to the libraries listed below
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.devโ11Updated 5 months ago
- Create notes during a security code review in VSCode ๐ Import your favorite SAST tool findings ๐ ๏ธ and collaborate with others ๐คโ132Updated last week
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. โฆโ61Updated 8 months ago
- Manager of third-party sources of Semgrep rules ๐�โ79Updated 7 months ago
- A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).โ71Updated 10 months ago
- ๐๏ธ STRIDE vs. ASVS equivalence tableโ76Updated 6 months ago
- Semgrep rules corresponding to the OWASP ASVS standardโ27Updated 4 years ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.โ40Updated last year
- InfoSec OpenAI Examplesโ19Updated last year
- boostsecurityio/lotpโ114Updated this week
- AI featured threat modeling and security review actionโ43Updated 3 months ago
- OWASP Foundation Web Respositoryโ28Updated 6 months ago
- ๐งช Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.โ38Updated 3 months ago
- AI featured threat modeling and security review projectโ16Updated 3 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,โฆโ131Updated last year
- Enriching the NVD CVSS scores to include Temporal & Threat Metricsโ141Updated this week
- LLM Testing Findings Templatesโ68Updated last year
- โ41Updated 2 weeks ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)โ23Updated 8 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagramsโ101Updated last month
- Nuclei plugins to audit Chrome extensionsโ64Updated 8 months ago
- โ59Updated 2 months ago
- This repository hosts several snippets and file related to the BsidesLV 2024 talk about Shadow and Zombie APIs by meโ17Updated 7 months ago
- โ35Updated 3 years ago
- Blogpost series showcasing interesting cloud - web app security bugsโ47Updated last year
- โ14Updated 2 years ago
- A small tool to help developers understand a huge set of security requirements from appsec teamsโ45Updated 2 years ago
- A community collection of security reviews of open source software components.โ93Updated last year
- StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different soโฆโ49Updated this week