tcosolutions / betterscan
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
☆842 Updated this week
Alternatives and similar repositories for betterscan:
Users that are interested in betterscan are comparing it to the libraries listed below
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆827 Updated last year
- OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for … ☆1,064 Updated this week
- Semgrep rules registry ☆857 Updated this week
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,091 Updated last year
- Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exp… ☆1,186 Updated this week
- A list of open source web security scanners ☆1,007 Updated 4 months ago
- ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders. ☆684 Updated last year
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆542 Updated last week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆793 Updated 3 weeks ago
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec… ☆283 Updated 10 months ago
- Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp… ☆467 Updated last year
- OXO is a security scanning orchestrator for the modern age. ☆543 Updated this week
- GitHub Actions Pipeline Enumeration and Attack Tool ☆584 Updated this week
- Awesome cloud enumerator ☆956 Updated 6 months ago
- Cloudlist is a tool for listing Assets from multiple Cloud Providers. ☆903 Updated this week
- ☆404 Updated 2 years ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆636 Updated this week
- Automating situational awareness for cloud penetration tests. ☆2,034 Updated last month
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆804 Updated this week
- Curated list of open-source & paid Attack Surface Monitoring (ASM) tools. ☆373 Updated 4 months ago
- open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. Th… ☆1,080 Updated this week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆507 Updated this week
- Attack surface detector that identifies endpoints by static analysis ☆656 Updated this week
- Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilit… ☆522 Updated 2 years ago
- Tool for building Kubernetes attack paths ☆818 Updated this week
- Extract URLs, paths, secrets, and other interesting bits from JavaScript ☆1,486 Updated 8 months ago
- CI/CD Security Analyzer ☆647 Updated 4 months ago
- Vulnerable REST API with OWASP top 10 vulnerabilities for security testing ☆960 Updated 2 months ago
- njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications. ☆386 Updated 3 months ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systems ☆709 Updated 6 months ago