oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security vulnerabilities, insecure infrastructure as code, and potential legal issues with open source licenses.
☆76 Updated 8 months ago
Alternatives and similar repositories for codetotal:
Users that are interested in codetotal are comparing it to the libraries listed below
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆49 Updated last week
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆62 Updated 10 months ago
- Documentation of Semgrep: a fast, open-source, static analysis tool. ☆40 Updated this week
- A project to visualize the software supply chain ☆45 Updated last year
- 🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends ☆72 Updated last year
- ☆110 Updated last year
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆39 Updated 4 months ago
- Dependency Combobulator ☆93 Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability. ☆47 Updated 7 months ago
- Manager of third-party sources of Semgrep rules 🗂 ☆81 Updated 9 months ago
- This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ☆46 Updated 8 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆116 Updated last year
- Discover vulnerabilities and container image misconfiguration in production environments. ☆55 Updated last month
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆114 Updated last week
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆116 Updated 2 months ago
- ☆35 Updated 8 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆40 Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆22 Updated last month
- Semgrep-based Policy Controller for Kubernetes ☆47 Updated 3 weeks ago
- ☆72 Updated 3 months ago
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services … ☆49 Updated 2 years ago
- Efficient DevSecOps ☆47 Updated 4 months ago
- ☆57 Updated last year
- boostsecurityio/lotp ☆123 Updated last week
- Exploit CVE-2021-25735: Kubernetes Validating Admission Webhook Bypass ☆18 Updated 4 years ago
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆61 Updated last year
- Nuclei plugins to audit Chrome extensions ☆64 Updated 9 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆92 Updated 2 months ago
- Kubernetes Pwnage for all ☆57 Updated 4 years ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆133 Updated 3 weeks ago