Alternatives and similar repositories for vulncost:

Users that are interested in vulncost are comparing it to the libraries listed below

• ossf / package-manager-best-practices
  Collection of security best practices for package managers.
  ☆161Updated 2 years ago
• spaceraccoon / npm-scan
  An extensible, heuristic-based vulnerability scanning tool for installed npm packages
  ☆50Updated 3 years ago
• nodejs / security-advisories
  Security advisories for Node.js and the JavaScript ecosystem.
  ☆41Updated 3 years ago
• UlisesGascon / check-my-headers
  Fast and simple way to check any HTTP Headers
  ☆45Updated last year
• webschik / tslint-config-security
  TSLint security rules
  ☆70Updated 4 years ago
• mozilla / eslint-plugin-no-unsanitized
  Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
  ☆233Updated last month
• davisjam / vuln-regex-detector
  Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
  ☆319Updated 3 years ago
• fregante / ghat
  🛕 Reuse GitHub Actions workflows across repositories
  ☆265Updated 3 years ago
• lirantal / eslint-plugin-anti-trojan-source
  ESLint plugin to detect and stop Trojan Source attacks
  ☆76Updated 2 years ago
• sonatype-nexus-community / auditjs
  Audits an NPM package.json file to identify known vulnerabilities.
  ☆225Updated 2 months ago
• ajinabraham / njsscan
  njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
  ☆383Updated 2 months ago
• OWASP / cwe-tool
  A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
  ☆55Updated 4 months ago
• rouanw / npm-audit-helper
  Helps you understand and work through npm audit results
  ☆19Updated 2 years ago
• OWASP / cwe-sdk-javascript
  A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
  ☆33Updated last week
• snyk-labs / snync
  Mitigate security concerns of Dependency Confusion supply chain security risks
  ☆45Updated 2 years ago
• lirantal / detect-secrets
  A developer-friendly secrets detection tool for CI and pre-commit hooks based on Yelp's detect-secrets
  ☆50Updated 2 years ago
• salesforce / lobster-pot
  Scans every git push to your Github organisations to find unwanted secrets.
  ☆88Updated last year
• mozilla / observatory-cli
  ☆189Updated 2 months ago
• yaakov123 / hagana
  NodeJS runtime protection for supply chain attacks
  ☆142Updated 2 years ago
• AppThreat / sast-scan
  Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure D…
  ☆147Updated 4 years ago
• lirantal / learning-http-security-headers-book
  Hands-on practical use of HTTP security headers as browser security controls to help secure web applications
  ☆18Updated 2 years ago
• lirantal / lockfile-lint
  Lint an npm or yarn lockfile to analyze and detect security issues
  ☆790Updated 4 months ago
• gkouziik / eslint-plugin-security-node
  ESLint security plugin for Node.js
  ☆102Updated 10 months ago
• NodeSecure / js-x-ray
  JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
  ☆229Updated last week
• JacksonGL / NPM-Vuln-PoC
  Vulnerabilities discovered in npm packages [Berkeley PL & Security Research]
  ☆43Updated 6 months ago
• snyk / awesome-snyk-community
  Awesome Snyk community contributions, champions, integrations, blogs, tools and more 💜
  ☆44Updated 2 years ago
• OWASP / packman
  A documentation and tracking project with the goal of making package management systems more secure.
  ☆50Updated 3 years ago
• twilio-labs / deadshot
  Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository
  ☆190Updated 2 months ago
• papandreou / seespee
  Create a Content-Security-Policy for a website based on the statically detectable relations
  ☆75Updated 9 months ago