oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security vulnerabilities, insecure infrastructure as code, and potential legal issues with open source licenses.
☆76 · Updated 6 months ago
Alternatives and similar repositories for codetotal:
Users that are interested in codetotal are comparing it to the libraries listed below
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆46 · Updated last month
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆38 · Updated 2 months ago
- Dependency Combobulator ☆89 · Updated last year
- Manager of third-party sources of Semgrep rules ☆78 · Updated 6 months ago
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ☆114 · Updated last year
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆90 · Updated last week
- Create tar/zip archives that try to exploit the Zip Slip vulnerability. ☆47 · Updated 5 months ago
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks ☆58 · Updated 2 years ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆22 · Updated 2 months ago
- Visualize and explore IaC · Create and share notes in VS Code · Sync notes and findings in real-time with friends ☆71 · Updated last year
- Sharing software supply chain security open source projects ☆45 · Updated 2 years ago
- Security tool against dependency typosquatting attacks ☆39 · Updated last week
- Nuclei plugins to audit Chrome extensions ☆63 · Updated 7 months ago
- Salesforce object access auditor ☆111 · Updated 2 years ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆61 · Updated 7 months ago
- ☆109 · Updated last year
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆101 · Updated 3 weeks ago
- GCP GOAT is a vulnerable application for learning GCP security ☆63 · Updated last year
- boostsecurityio/lotp ☆112 · Updated this week
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆35 · Updated 3 years ago
- Create notes during a security code review in VSCode · Import your favorite SAST tool findings · Collaborate with others ☆132 · Updated last year
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆105 · Updated this week
- ☆32 · Updated 6 months ago
- VMC: a Scalable, Open Source and Free Vulnerability Management Platform ☆86 · Updated 3 weeks ago
- An extension to use Semgrep inside Burp Suite. ☆88 · Updated last year
- A cutting edge context aware GraphQL API fuzzing tool! ☆133 · Updated this week
- ☆55 · Updated 2 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆40 · Updated last year
- Semgrep-based Policy Controller for Kubernetes ☆46 · Updated this week
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆60 · Updated last year