oxsecurity / codetotalLinks
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
☆76Updated 9 months ago
Alternatives and similar repositories for codetotal
Users that are interested in codetotal are comparing it to the libraries listed below
Sorting:
- Documentation of Semgrep: a fast, open-source, static analysis tool.☆41Updated this week
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries.☆52Updated this week
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆39Updated 5 months ago
- Dependency Combobulator☆93Updated last year
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆118Updated last year
- 🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends☆73Updated last year
- Manager of third-party sources of Semgrep rules 🗂☆86Updated 10 months ago
- ☆111Updated last year
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers…☆120Updated this week
- Focused malicious code detection ruleset, with a high protection-to-noise ratio☆119Updated 3 months ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider☆139Updated 3 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆65Updated 11 months ago
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆133Updated 2 months ago
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks☆58Updated 3 years ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.☆38Updated 3 years ago
- A collection of Semgrep rules which followed security guidelines for .NET and Java.☆23Updated 3 years ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆135Updated last year
- Sharing software supply chain security open source projects☆50Updated 2 years ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆105Updated 4 months ago
- Automated privilege escalation of the world's most popular Docker images.☆66Updated last year
- Discover vulnerabilities and container image misconfiguration in production environments.☆56Updated last week
- A multi-cloud DNS record scanner that aims to help cybersecurity/IT analysts identify dangling CNAME records in their cloud DNS services …☆49Updated 2 years ago
- ☆72Updated 3 weeks ago
- InfoSec OpenAI Examples☆19Updated last year
- Nuclei plugins to audit Chrome extensions☆64Updated 10 months ago
- Jumpstart multiple WebSocket servers quickly☆31Updated 3 years ago
- ☆36Updated 10 months ago
- An extension to use Semgrep inside Burp Suite.☆89Updated 2 weeks ago
- Kubernetes Pwnage for all☆57Updated 4 years ago
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j.☆21Updated last year