Skip to content

Instantly share code, notes, and snippets.

@asears

asears/securitychecks.md

Last active March 30, 2024 12:30
Show Gist options
  • Save asears/41a95090cc4896fb8e58377744a0e14b to your computer and use it in GitHub Desktop.
Save asears/41a95090cc4896fb8e58377744a0e14b to your computer and use it in GitHub Desktop.
Download ZIP
Security checks and utilities
Raw
securitychecks.md

Dependency and security checkers

With the announcement of an xy exploit, some links to potential security tools.

Snyk

https://snyk.io/

https://snyk.io/advisor/python/pip

https://snyk.io/advisor/npm-package/listr2

https://snyk.io/advisor/golang/github.com/gin-gonic/gin

https://snyk.io/advisor/docker/alpine

Rust

https://rustsec.org/

https://github.com/rustsec/rustsec/tree/main/cargo-audit

https://github.com/EmbarkStudios/cargo-deny

Linux

https://www.openwall.com/

https://cisofy.com/lynis/

https://ubuntu.com/security/oval

Others

https://malcore.io/

https://www.veracode.com/

https://www.veracode.com/products/binary-static-analysis-sast

https://www.sonatype.com/

SonarQube

https://www.sonarsource.com/

https://github.com/SonarSource/sonarqube

Dependabot

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

Google Fuzz

https://github.com/google/clusterfuzz

https://github.com/google/oss-fuzz

Wazuh, OSS Endpoint Security

https://github.com/wazuh/wazuh

OWASP

https://owasp.org/www-project-dependency-check/

GitLab Gemnasium (Dependabot)

https://github.com/gemnasium

Synopsis Black Duck

https://www.synopsys.com/

https://www.synopsys.com/software-integrity/software-composition-analysis-tools/black-duck-sca.html

Jit, alternative to Sonar, Snyk

https://www.jit.io/

Akido, alternative to Jit, Sonar, Snyk

https://www.aikido.dev/

Others

https://checkmarx.com/cxsast-source-code-scanning/

https://www.opentext.com/products/fortify-static-code-analyzer

https://www.perforce.com/products/klocwork

https://spectralops.io/features/

https://www.acunetix.com/

https://www.opentext.com/products/fortify-webinspect

https://www.synopsys.com/software-integrity/application-security-testing-services.html

https://www.tenable.com/products/web-app-scanning

https://www.contrastsecurity.com/

https://qwiet.ai/

https://fossa.com/

https://scribesecurity.com/

https://anchore.com/

https://www.contrastsecurity.com/

https://codenotary.com/

https://www.cybeats.com/

https://www.legitsecurity.com/

https://cycode.com/

https://www.chainguard.dev/

https://www.arnica.io/

https://www.netrise.io/industries/power-utilities

https://www.mend.io/

https://github.com/nccgroup/sobelow

https://www.openwall.com/

F5 https://www.f5.com/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment