semgrep / semgrep-action
This project is deprecated. Use https://github.com/returntocorp/semgrep instead
☆73 Updated last year
Alternatives and similar repositories for semgrep-action
Users that are interested in semgrep-action are comparing it to the libraries listed below
- A tool to check the security settings of GitHub Organizations. ☆71 Updated 2 years ago
- Documentation of Semgrep: a fast, open-source, static analysis tool. ☆41 Updated this week
- A Python client for the Snyk API. ☆99 Updated 10 months ago
- ☆110 Updated this week
- A community collection of security reviews of open source software components. ☆95 Updated last year
- Open Source Vulnerability schema. ☆202 Updated 3 weeks ago
- Feed parsing for language package manager updates ☆79 Updated 6 months ago
- Collect, curate, and communicate relevant security metrics for open source projects. ☆63 Updated last year
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆172 Updated 7 months ago
- Security scanning & static analysis tool ☆94 Updated 8 months ago
- Technical Advisory Council ☆125 Updated last week
- Static analysis for CloudFormation templates to identify common misconfiguration ☆57 Updated 3 years ago
- Semgrep extension for Visual Studio Code ☆63 Updated this week
- Software Component Verification Standard (SCVS) ☆147 Updated 2 months ago
- Securing Alice's, Bob's and Carl's software supply chain using in-toto ☆93 Updated 2 weeks ago
- ☆63 Updated 2 years ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h… ☆191 Updated 2 months ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack. ☆38 Updated 3 years ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ☆155 Updated 9 months ago
- GitHub action to run dependency check ☆81 Updated 2 weeks ago
- Purpose-built security agent for hosted runners ☆36 Updated last month
- KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC. ☆101 Updated last year
- Documenting your Threat Models with HCL ☆431 Updated 3 weeks ago
- Generate a score for your sbom to understand if it will actually be useful. ☆229 Updated 10 months ago
- Awesome Snyk community contributions, champions, integrations, blogs, tools and more 💜 ☆47 Updated 3 years ago
- Generate SBOMs with gh CLI ☆187 Updated 3 weeks ago
- Low-effort reachability analysis for third-party code vulnerabilities.