oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
★78 Updated 10 months ago
Alternatives and similar repositories for codetotal
Users that are interested in codetotal are comparing it to the libraries listed below
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries. ★52 Updated last month
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ★39 Updated 6 months ago
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities ★27 Updated 3 months ago
- Manager of third-party sources of Semgrep rules ★87 Updated 11 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ★21 Updated 3 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ★47 Updated 10 months ago
- ★111 Updated 2 years ago
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j. ★23 Updated last year
- Discover vulnerabilities and container image misconfiguration in production environments. ★56 Updated 3 weeks ago
- ★31 Updated 2 years ago
- Dependency Combobulator ★93 Updated last year
- A project to visualize the software supply chain ★51 Updated last year
- Binary builds for dep-scan - The Dependency Scanner ★10 Updated last year
- Create tar/zip archives that try to exploit zipslip vulnerability. ★47 Updated 9 months ago
- ★47 Updated last year
- Semgrep-based Policy Controller for Kubernetes ★47 Updated 3 months ago
- Visualize and explore IaC. Create and share notes in VS Code. Sync notes and findings in real-time with friends ★73 Updated last year
- A Golang library for interacting with the EPSS (Exploit Prediction Scoring System). ★28 Updated 4 months ago
- WAF bypass PoC ★48 Updated last year
- ★57 Updated 2 years ago
- ★12 Updated 3 months ago
- Automated privilege escalation of the world's most popular Docker images. ★66 Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts ★61 Updated 2 years ago
- Prototype of Full Agentic Application Security Testing, FAAST = SAST + DAST + LLM agents ★55 Updated 2 months ago
- boostsecurityio/lotp ★127 Updated 2 months ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ★41 Updated last year
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ★119 Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ★42 Updated last year
- Determine privileges from cloud credentials via brute-force testing. ★69 Updated 10 months ago
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ★133 Updated 3 months ago