CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Updated Dec 8, 2025 - Go
GitHub Action for security scanning utilizing Salus by Coinbase
This repo contains the technology stack and its usage for software supply chain security of a Java application
How to secure your development pipeline with static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) using SonarQube.
Sheriff is a tool to scan repositories and generate security reports.
Static code analysis of software licenses
CLI Vulnify - Scans your projects for vulnerabilities.
CSI Red Alert - Scan your Repository and Docker Images on a daily basis. Create & Close the issues in your Gitlab Instance automatically. Notify on Slack with a summary on all new vulnerabilities.
🏥🛡️ Automated NuGet vulnerability scanner & updater for .NET. Smart dependency patching with compatibility testing. Keep your packages safe & current. 🔒
SecureFlow-CI-CD demonstrates a CI/CD pipeline using GitHub Actions to perform security checks and analyses on a Python project.
Create GitLab compatible dependency scanning report from npm audit
Scan for vulnerabilities and trace their usage in your source code
A reusable GitLab CI/CD template for automated security scanning, including secrets detection (Gitleaks, Trufflehog), dependency vulnerabilities (Trivy), SAST (Semgrep, SonarQube), DAST (OWASP ZAP), and a consolidated security dashboard. Include this in your gitlab-ci.yml for DevSecOps.
SentinelGuard is a full-featured vulnerability scanner for Python projects. It analyzes source code, dependencies, and secrets in a unified desktop interface.
🤖 Globomantics Robot Fleet Manager - Educational demo with vulnerable dependencies for GitHub Advanced Security training. Tim Warner's Pluralsight Dependency Review course. Learn more: https://pluralsight.com
One POST, instant CVE impact for your SBOM. Give us a lightweight component list (npm / PyPI today), and get back the exact vulnerabilities and the minimal fixed versions you need to patch. Built for CI pipelines, PR checks, and SRE/AppSec dashboards.
GitHub Advanced Security - DevSecOps Guidelines - Unified visibility into DevOps security posture. DevSecOps E2E Demos.
GitHub Action for FOSSA license scanning with detailed PR comments and policy violation reporting. Automates license compliance checks with intelligent violation analysis and actionable feedback.
🔍 Scan .NET applications for vulnerabilities in NuGet dependencies, ensuring secure and reliable software with this professional-grade security tool.