mllamazares / vulncov
π§ͺ Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
β38Updated 3 months ago
Alternatives and similar repositories for vulncov:
Users that are interested in vulncov are comparing it to the libraries listed below
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.β40Updated last year
- Security tool against dependency typosquatting attacksβ39Updated this week
- Manager of third-party sources of Semgrep rules πβ79Updated 7 months ago
- boostsecurityio/lotpβ112Updated this week
- Semgrep-based Policy Controller for Kubernetesβ47Updated this week
- Protect against subdomain takeoverβ93Updated 9 months ago
- β110Updated last year
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories.β35Updated 2 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagramsβ101Updated last month
- β67Updated last month
- β33Updated 7 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accountsβ60Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis toolβ39Updated last year
- Create notes during a security code review in VSCode π Import your favorite SAST tool findings π οΈ and collaborate with others π€β132Updated this week
- Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIsβ72Updated last year
- truffleproc β hunt secrets in process memory (TruffleHog & gdb mashup)β114Updated last year
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interestingβ¦β47Updated 6 months ago
- Nuclei plugins to audit Chrome extensionsβ64Updated 7 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflowsβ82Updated this week
- A tool for preventing the installation of malicious PyPI and npm packagesβ127Updated this week
- Clean accounts over permissions in GCP infra at scaleβ71Updated last year
- WAF bypass PoCβ46Updated last year
- Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. It utilizes a dedicated CloudTrail for preβ¦β50Updated 3 months ago
- β47Updated 4 months ago
- A PoC to Simulate Ransomware Attack on AWS Environmentβ30Updated 4 months ago
- Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)β23Updated 8 months ago
- An implementation of infrastructure-as-code scanning using dynamic tooling.β56Updated 3 years ago