Repositories list

• Essential8-SDLC

  Public
  Software supply chain and the Essential 8 - How to evolve Essential 8 for the modern world

  1•4•0•0•Updated Dec 2, 2023Dec 2, 2023

• app.cheapcryptobank.com

  Public
  Cheap Crypto Bank App source code

  JavaScript

  •32•2•1•1•Updated Nov 21, 2023Nov 21, 2023

• wafw00f

  Public
  WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website.

  Python

  •

  BSD 3-Clause "New" or "Revised" License

  •933•1•0•0•Updated Oct 28, 2023Oct 28, 2023

• nuclei-templates

  Public
  Community curated list of templates for the nuclei engine to find security vulnerabilities.

  MIT License

  •2.6k•0•0•0•Updated Oct 24, 2023Oct 24, 2023

• dnstwist

  Public
  keep-2022. Domain name permutation engine for detecting typo squatting, phishing and corporate espionage

  Python

  •

  Apache License 2.0

  •773•0•0•0•Updated Oct 1, 2023Oct 1, 2023

• wappalyzer

  Public
  The last commit of Wappalyzer before it went private

  JavaScript

  •

  GNU General Public License v3.0

  •152•0•0•0•Updated Sep 20, 2023Sep 20, 2023

• visualizing-software-supply-chain

  Public
  A project to visualize the software supply chain

  MIT License

  •14•35•0•0•Updated Sep 9, 2023Sep 9, 2023

• actions-exposure

  Public
  A GitHub Action that scans your public web applications after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

  deploymentweb-applicationdynamic-analysis+ 13web-vulnerability-scannervulnerability-detectionsoftware-composition-analysisvulnerability-scanningcloud-securitydeployment-pipelinedeployment-automation+ 6

  GNU General Public License v3.0

  •5•24•0•0•Updated Jun 7, 2023Jun 7, 2023

• actions-all-in-one

  Public
  All of our GitHub Actions rolled into one. Or as we like to say: One GitHub Action to rule them all!

  web-vulnerability-scannervulnerability-detectionsecurity-automation+ 9devsecopssoftware-composition-analysisvulnerability-scanningvulnerability-scannerdeployment-pipelinegithub-actionssecret-scanning+ 2

  GNU General Public License v3.0

  •6•21•0•0•Updated Jun 7, 2023Jun 7, 2023

• actions-secrets

  Public
  Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more

  deploymentactionssecrets-scan+ 10vulnerability-detectionsecrets-detectionsecrets-discovery-servicesecrets-scannersecuritysecretssecurity-automation+ 3

  GNU General Public License v3.0

  •4•28•0•0•Updated Jun 7, 2023Jun 7, 2023

• actions-sbom

  Public
  A GitHub Action that creates a SBOM from your application so you can meet compliance and security requirements. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements, and has the SBOM to show it!

  securitysecurity-auditdeployment+ 10osecurity-automationbill-of-materialsautomation-testingdeployment-automationsbomsbom-generator+ 3

  GNU General Public License v3.0

  •3•25•0•0•Updated Jun 7, 2023Jun 7, 2023

• activestate-cli

  Public
  The Command Line Interface for managing language runtime environments built by the ActiveState Platform

  Go

  •

  BSD 3-Clause "New" or "Revised" License

  •13•0•0•0•Updated May 26, 2023May 26, 2023

• scancode-toolkit

  Public
  🔎 ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.

  Python

  •548•0•0•0•Updated Nov 22, 2022Nov 22, 2022

• SecretFinder

  Public
  SecretFinder - A python script for find sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files

  Python

  •

  GNU General Public License v3.0

  •375•0•0•0•Updated Oct 6, 2022Oct 6, 2022

• actions-abom

  Public
  SecureStack Application Bill of Materials (ABOM/SBOM)

  securitysecurity-auditautomation+ 6deploymentsecurity-automationbill-of-materialsautomation-testingsbomabom

  GNU General Public License v3.0

  •2•13•0•0•Updated Aug 26, 2022Aug 26, 2022

• subscriptions-transport-ws

  Public
  🔃 A WebSocket client + server for GraphQL subscriptions

  TypeScript

  •

  MIT License

  •342•0•0•0•Updated May 17, 2022May 17, 2022

• AECHAM

  Public
  Application Environment Composition and Hierarchy Abstraction Model

  GNU General Public License v3.0

  •0•0•0•0•Updated May 9, 2022May 9, 2022

• actions-log4j

  Public
  A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

  javalog4jstatic-analysis+ 17java8vulnerabilitieslog4jsvulnerability-assessmentlog4j2jresoftware-composition-analysis+ 10

  GNU General Public License v3.0

  •2•15•0•0•Updated Apr 9, 2022Apr 9, 2022

• actions-code

  Public
  A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).

  deploymentvulnerability-detectionsecurity-automation+ 8security-toolssoftware-composition-analysisvulnerability-scannerdeployment-pipelinedeployment-automationsecuritydevsecops+ 1

  GNU General Public License v3.0

  •2•21•0•0•Updated Apr 9, 2022Apr 9, 2022

• auth0-react

  Public
  Auth0 SDK for React Single Page Applications (SPA)

  TypeScript

  •

  MIT License

  •258•0•0•0•Updated Feb 21, 2022Feb 21, 2022

• accesspress-mitigation

  Public
  Resources to mitigate the AccessPress Theme vulnerabilities

  GNU General Public License v3.0

  •0•1•0•0•Updated Jan 23, 2022Jan 23, 2022

• application-composition-graph

  Public
  This is a description and example of a the concept of an "Application Composition Graph". This graph can be visually represented in a graph format, but more importantly it can be represented in JSON.

  GNU General Public License v3.0

  •0•1•0•0•Updated Dec 27, 2021Dec 27, 2021

• securestack-chrome-extension

  Public
  SecureStack Chrome Extension

  JavaScript

  •

  GNU General Public License v2.0

  •0•0•0•0•Updated Dec 21, 2021Dec 21, 2021

• old-wappalyzer

  Public
  Identify technology on websites.

  JavaScript

  •

  MIT License

  •2.3k•1•0•0•Updated Dec 18, 2021Dec 18, 2021

• react-browser-notifications

  Public
  React component for the browser's Notifications API

  JavaScript

  •

  MIT License

  •5•1•0•0•Updated Dec 15, 2021Dec 15, 2021

• material-ui-search-bar

  Public
  Material design search bar

  JavaScript

  •

  MIT License

  •82•1•0•0•Updated Dec 14, 2021Dec 14, 2021

• actions

  Public
  A set of GitHub actions for checking your application for vulnerabilities

  actionssecurestack

  Shell

  •

  GNU General Public License v3.0

  •0•0•0•0•Updated Nov 29, 2021Nov 29, 2021

• Trufflehog-Chrome-Extension

  Public
  JavaScript

  •

  GNU General Public License v2.0

  •39•0•0•0•Updated Oct 16, 2021Oct 16, 2021

• SAT4L

  Public
  Security Automation Toolkit for Linux

  0•0•0•0•Updated Jan 12, 2020Jan 12, 2020