mllamazares / vulncov
🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
★33 Updated 3 weeks ago
Related projects
Alternatives and complementary repositories for vulncov
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories. ★35 Updated 5 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ★39 Updated 11 months ago
- RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and… ★140 Updated 2 weeks ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ★37 Updated last year
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows ★79 Updated last week
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts ★57 Updated last year
- A tool to uncover undocumented APIs from the AWS Console. ★80 Updated last month
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★97 Updated 9 months ago
- Clean accounts over permissions in GCP infra at scale ★71 Updated last year
- LLM Testing Findings Templates ★65 Updated 8 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ★110 Updated last year
- Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs ★69 Updated 8 months ago
- boostsecurityio/lotp ★100 Updated 7 months ago
- An implementation of infrastructure-as-code scanning using dynamic tooling. ★56 Updated 2 years ago
- Nuclei plugins to audit Chrome extensions ★64 Updated 3 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ★39 Updated 2 months ago
- Protect against subdomain takeover ★92 Updated 5 months ago
- AI featured threat modeling and security review action ★40 Updated 5 months ago
- A small tool to help developers understand a huge set of security requirements from appsec teams ★45 Updated 2 years ago
- Manager of third-party sources of Semgrep rules ★76 Updated 3 months ago
- STRIDE vs. ASVS equivalence table ★75 Updated 2 months ago
- A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs ★52 Updated last year
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ★129 Updated last year
- ★39 Updated last month
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ★196 Updated last month
- The security workflow engine! ★73 Updated this week
- ★151 Updated 2 months ago
- Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for pre… ★43 Updated 6 months ago
- Build a CVE library with aggregated CISA, EPSS and CVSS data ★27 Updated last year
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ★55 Updated 4 months ago