mllamazares / vulncov
Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.
☆33 Updated last month
Related projects
Alternatives and complementary repositories for vulncov
- boostsecurityio/lotp ☆101 Updated 7 months ago
- Protect against subdomain takeover ☆92 Updated 5 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆98 Updated 9 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆39 Updated 11 months ago
- Static code analyser for backdoors and malicious code in git repos using OpenAI compatible LLM APIs ☆69 Updated 8 months ago
- Manager of third-party sources of Semgrep rules ☆76 Updated 4 months ago
- A tool to uncover undocumented APIs from the AWS Console. ☆83 Updated 2 months ago
- EZGHSA is a command-line tool for summarizing and filtering vulnerability alerts on Github repositories. ☆35 Updated 5 months ago
- Tool that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts ☆57 Updated last year
- Security tool against dependency typosquatting attacks ☆34 Updated this week
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆110 Updated last year
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ☆131 Updated last year
- ☆110 Updated last year
- STRIDE vs. ASVS equivalence table ☆75 Updated 2 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆39 Updated 3 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆37 Updated last year
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows ☆79 Updated this week
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation ☆100 Updated 9 months ago
- ☆28 Updated 3 months ago
- Nuclei plugins to audit Chrome extensions ☆64 Updated 4 months ago
- Clean accounts over permissions in GCP infra at scale ☆71 Updated last year
- boostsecurityio/poutine ☆231 Updated this week
- The security workflow engine! ☆73 Updated this week
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆196 Updated last month
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container ☆102 Updated 5 years ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters. ☆59 Updated 8 months ago
- ☆40 Updated last month
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments ☆104 Updated 2 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆55 Updated 4 months ago
- WAF bypass PoC ☆43 Updated last year