ossillate-inc / packj
Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain
☆629 Updated 7 months ago
Related projects
Alternatives and complementary repositories for packj
- Python source code auditing and static analysis on a large scale ☆487 Updated last year
- GuardDog is a CLI tool to identify malicious PyPI and npm packages ☆611 Updated last week
- CI/CD Security Analyzer ☆623 Updated 3 weeks ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆247 Updated this week
- Open Source Vulnerability schema. ☆185 Updated this week
- Open Source Package Analysis ☆730 Updated last week
- Tool to achieve policy driven vetting of open source dependencies ☆228 Updated last week
- ClusterFuzzLite - Simple continuous fuzzing that runs in CI. ☆458 Updated 3 weeks ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆769 Updated this week
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… ☆331 Updated 7 months ago
- a new take on #malware #detection ☆435 Updated this week
- Network egress filtering and runtime security for GitHub-hosted and self-hosted runners ☆618 Updated 2 weeks ago
- Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them ☆979 Updated this week
- boostsecurityio/poutine ☆229 Updated last week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆509 Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆364 Updated this week
- Python utility for tracking third party dependencies within a library ☆457 Updated last month
- Secure shell history commands by finding sensitive data ☆219 Updated last year
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆537 Updated this week
- A security layer for Git repositories ☆464 Updated this week
- GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfigurati… ☆166 Updated last week
- Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free! ☆542 Updated 9 months ago
- A Sigstore client written in Python ☆227 Updated this week
- A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm, but can also run standalo… ☆349 Updated last month
- Private key usage verification ☆406 Updated 10 months ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆578 Updated this week
- Open source vulnerability DB and triage service. ☆1,530 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆805 Updated last year
- An open-source dataset of malicious software packages found in the wild, 100% vetted by humans. ☆139 Updated this week
- Awesome secure by default libraries to help you eliminate bug classes! ☆668 Updated last week