oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secret in code, open source vulnerability, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
☆76 Updated 7 months ago
Alternatives and similar repositories for codetotal:
Users that are interested in codetotal are comparing it to the libraries listed below
- FastCVE - fast, rich and API-based search for CVE and more (CPE, CWE, CAPEC) ☆49 Updated 2 months ago
- Visualize and explore IaC; create and share notes in VS Code; sync notes and findings in real-time with friends ☆72 Updated last year
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆103 Updated 2 months ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆91 Updated last month
- Manager of third-party sources of Semgrep rules ☆81 Updated 8 months ago
- Dependency Combobulator ☆93 Updated last year
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆22 Updated 3 weeks ago
- Nuclei plugins to audit Chrome extensions ☆64 Updated 8 months ago
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks ☆58 Updated 2 years ago
- Documentation of Semgrep: a fast, open-source, static analysis tool. ☆40 Updated this week
- Discover vulnerabilities and container image misconfiguration in production environments. ☆55 Updated last month
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆37 Updated 3 years ago
- Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM. ☆39 Updated 3 months ago
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts ☆61 Updated last year
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j. ☆21 Updated last year
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ☆115 Updated last year
- boostsecurityio/lotp ☆119 Updated 2 weeks ago
- Create tar/zip archives that try to exploit zipslip vulnerability. ☆47 Updated 6 months ago
- Create notes during a security code review in VSCode; import your favorite SAST tool findings and collaborate with others ☆132 Updated this week
- Determine privileges from cloud credentials via brute-force testing. ☆67 Updated 7 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆61 Updated 9 months ago
- DefectDojo Community Content ☆17 Updated 5 months ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆112 Updated last month
- Additional active scan checks for BURP ☆26 Updated 5 months ago
- An automated GitHub Actions-based crawler that fetches and updates public scopes from popular bug bounty platforms (like Hackerone/Bugcro… ☆29 Updated this week
- Reference architecture and proof of concept implementation for supply chain security gateway ☆23 Updated 2 years ago
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure ☆46 Updated last year