oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security, vulnerabilities, insecure infrastructure as code, and potential legal issues with open source licenses.
★79 Updated last year
Alternatives and similar repositories for codetotal
Users that are interested in codetotal are comparing it to the libraries listed below
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ★41 Updated 10 months ago
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries. ★56 Updated 4 months ago
- Scan your account for the use of untrusted AMIs ★30 Updated 2 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ★106 Updated 9 months ago
- Manager of third-party sources of Semgrep rules ★90 Updated last year
- ★114 Updated 2 years ago
- Pentester-focused Docker registry tool to enumerate and pull images ★35 Updated last week
- A collection of Semgrep rules which followed security guidelines for .NET and Java. ★24 Updated 4 years ago
- Visualize and explore IaC. Create and share notes in VS Code. Sync notes and findings in real-time with friends ★74 Updated last year
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ★120 Updated 2 years ago
- WAF bypass PoC ★49 Updated 2 years ago
- Dependency Combobulator ★93 Updated last year
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ★127 Updated 8 months ago
- Kubernetes Pwnage for all ★56 Updated 4 years ago
- ★39 Updated last year
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ★96 Updated 8 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,… ★138 Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ★21 Updated 7 months ago
- Virtual environment for learning DevSecOps ★38 Updated 7 years ago
- Discover vulnerabilities and container image misconfiguration in production environments. ★56 Updated last month
- Automated privilege escalation of the world's most popular Docker images. ★69 Updated 2 years ago
- Secrets scanner that understands code ★191 Updated last year
- Blogpost series showcasing interesting cloud - web app security bugs ★50 Updated 2 years ago
- A curated list of argument injection vectors ★41 Updated 9 months ago
- This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting… ★47 Updated last year
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ★42 Updated last year
- ★103 Updated 8 months ago
- A cutting edge context aware GraphQL API fuzzing tool! ★151 Updated last month
- This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file. ★58 Updated 9 months ago
- A tool for secrets management, encryption as a service, and privileged access management ★14 Updated 3 months ago