oxsecurity / codetotalLinks
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
☆78Updated last year
Alternatives and similar repositories for codetotal
Users that are interested in codetotal are comparing it to the libraries listed below
Sorting:
- 🌐 Visualize and explore IaC ✒️ Create and share notes in VS Code 🤝 Sync notes and findings in real-time with friends☆74Updated last year
- ☆113Updated 2 years ago
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries.☆57Updated 3 months ago
- Dependency Combobulator☆93Updated last year
- Manager of third-party sources of Semgrep rules 🗂☆87Updated last year
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆119Updated 2 years ago
- Scan your account for the use of untrusted AMIs☆29Updated 3 weeks ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆105Updated 7 months ago
- ☆60Updated 2 years ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning.☆21Updated 6 months ago
- Scan DockerHub images that match a keyword to find secrets.☆60Updated 4 years ago
- Kubernetes Pwnage for all☆56Updated 4 years ago
- Blogpost series showcasing interesting cloud - web app security bugs☆49Updated 2 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider☆139Updated 4 years ago
- ☆140Updated 2 weeks ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆66Updated 2 months ago
- ☆39Updated last year
- ☆50Updated last year
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆137Updated 5 months ago
- Documentation of Semgrep: a fast, open-source, static analysis tool.☆42Updated this week
- Tools to assess DNS security.☆152Updated last year
- WAF bypass PoC☆49Updated last year
- boostsecurityio/lotp☆133Updated 5 months ago
- A vulnerable environment for exploring common GCP misconfigurations and vulnerabilities☆29Updated 5 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆95Updated 7 months ago
- Discover vulnerabilities and container image misconfiguration in production environments.☆56Updated 2 weeks ago
- An implementation of infrastructure-as-code scanning using dynamic tooling.☆56Updated 3 years ago
- 🔍A cutting edge context aware GraphQL API fuzzing tool!☆148Updated 2 weeks ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs.☆42Updated last year
- GCP GOAT is the vulnerable application for learn the GCP Security☆67Updated 3 months ago