snyk-labs / github-actions-scanner
Scans your GitHub Actions for security issues
☆56 Updated last month
Alternatives and similar repositories for github-actions-scanner:
Users that are interested in github-actions-scanner are comparing it to the libraries listed below
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ☆153 Updated 5 months ago
- Protect against subdomain takeover ☆92 Updated 8 months ago
- Octoscan is a static vulnerability scanner for GitHub action workflows. ☆188 Updated last week
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝 ☆132 Updated last year
- How GitHub Actions workflows can be hacked ☆117 Updated 5 months ago
- ☆161 Updated 4 months ago
- A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation ☆101 Updated 11 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams ☆101 Updated 2 weeks ago
- Tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆60 Updated last year
- boostsecurityio/lotp ☆111 Updated last month
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS ☆36 Updated 5 months ago
- Simple Command Line Tool to Enumerate Slack Workspace Names from Slack Webhook URLs. ☆39 Updated last year
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup) ☆113 Updated last year
- Discover vulnerabilities and container image misconfiguration in production environments. ☆54 Updated last week
- WAF bypass PoC ☆46 Updated last year
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use … ☆62 Updated 7 months ago
- An open-source collection of API key rotation tutorials. ☆63 Updated last month
- Takes a software bill of materials and outputs provenance and activity data from trustypkg.dev ☆11 Updated 3 months ago
- A tool for preventing the installation of malicious PyPI and npm packages ☆120 Updated last month
- A tool to check the security settings of GitHub Organizations. ☆70 Updated last year
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT). ☆102 Updated 3 weeks ago
- Nuclei plugins to audit Chrome extensions ☆64 Updated 6 months ago
- boostsecurityio/poutine ☆244 Updated 3 weeks ago
- OWASP Foundation Web Repository ☆42 Updated 4 months ago
- Blazing fast GraphQL discovery & fingerprinting toolbox. ☆106 Updated last year
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files ☆216 Updated last month
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆21 Updated last month
- Demonstrates how a malicious dependency could negatively impact the build output. ☆24 Updated last year
- ☆91 Updated 2 months ago