oxsecurity / codetotal
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security, vulnerability, insecure infrastructure as code, and potential legal issues with open source licenses.
☆77 · Updated 10 months ago
Alternatives and similar repositories for codetotal
Users that are interested in codetotal are comparing it to the libraries listed below
- Visualize and explore IaC. Create and share notes in VS Code. Sync notes and findings in real-time with friends ☆73 · Updated last year
- FastCVE: A Dockerized CVE search tool with API and CLI support for security vulnerability queries. ☆52 · Updated 3 weeks ago
- WAF bypass PoC ☆48 · Updated last year
- Dependency Combobulator ☆93 · Updated last year
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain ☆96 · Updated 4 months ago
- Manager of third-party sources of Semgrep rules ☆87 · Updated 11 months ago
- Sharing software supply chain security open source projects ☆50 · Updated 2 years ago
- ☆36 · Updated 10 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆21 · Updated 3 months ago
- Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks ☆58 · Updated 3 years ago
- A project to visualize the software supply chain ☆51 · Updated last year
- ☆111 · Updated 2 years ago
- Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data into Neo4j. ☆23 · Updated last year
- Create notes during a security code review in VSCode. Import your favorite SAST tool findings and collaborate with others ☆133 · Updated 2 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆105 · Updated 4 months ago
- boostsecurityio/lotp ☆126 · Updated 2 months ago
- PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use… ☆71 · Updated 2 years ago
- Determine privileges from cloud credentials via brute-force testing. ☆69 · Updated 10 months ago
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆61 · Updated 2 years ago
- Damn Vulnerable SCA Application ☆37 · Updated 2 weeks ago
- Focused malicious code detection ruleset, with a high protection-to-noise ratio ☆120 · Updated 4 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. … ☆65 · Updated last year
- Vulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure ☆47 · Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Updated last year
- Nuclei plugins to audit Chrome extensions ☆65 · Updated 11 months ago
- Discover vulnerabilities and container image misconfiguration in production environments. ☆56 · Updated 2 weeks ago
- truffleproc - hunt secrets in process memory (TruffleHog & gdb mashup) ☆119 · Updated last year
- ☆45 · Updated 7 months ago
- Fast, simple library in Go to fetch CVEs from the National Vulnerability Database feeds ☆27 · Updated last year
- Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers… ☆120 · Updated last week