jeremylong / malicious-dependencies
Demonstrates how a malicious dependency could negatively impact the build output.
☆25 · Updated last year
Alternatives and similar repositories for malicious-dependencies:
Users that are interested in malicious-dependencies are comparing it to the libraries listed below
- Semgrep rules corresponding to the OWASP ASVS standard ☆27 · Updated 4 years ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆101 · Updated last month
- STRIDE vs. ASVS equivalence table ☆75 · Updated 6 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆40 · Updated last year
- Manager of third-party sources of Semgrep rules ☆79 · Updated 7 months ago
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆38 · Updated 3 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆61 · Updated 8 months ago
- boostsecurityio/lotp ☆114 · Updated this week
- ☆110 · Updated last year
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev ☆11 · Updated 5 months ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ☆132 · Updated last week
- AI featured threat modeling and security review action ☆43 · Updated 3 months ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU) vulnerabilities ☆23 · Updated 8 months ago
- A small tool to help developers understand a huge set of security requirements from appsec teams ☆45 · Updated 2 years ago
- LLM Testing Findings Templates ☆68 · Updated last year
- InfoSec OpenAI Examples ☆19 · Updated last year
- ☆35 · Updated 3 years ago
- ☆98 · Updated last week
- This repository hosts several snippets and files related to the BsidesLV 2024 talk about Shadow and Zombie APIs by me ☆17 · Updated 7 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, … ☆131 · Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆22 · Updated this week
- ☆59 · Updated 2 months ago
- NextJS-based single-page application for completing and reviewing SAMM assessments ☆70 · Updated last year
- Nuclei plugins to audit Chrome extensions ☆64 · Updated 7 months ago
- Blogpost series showcasing interesting cloud and web app security bugs ☆47 · Updated last year
- Build a CVE library with aggregated CISA, EPSS and CVSS data ☆27 · Updated last year
- Pin designs for security related items ☆37 · Updated 10 months ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆60 · Updated last year
- ☆32 · Updated 3 years ago