Github

Detectors

Detects exposed API keys and credentials across multiple cloud services

ClearVector Detection Engine

Identity-driven threat detection with graph-based activity attribution

depthfirst labs

AI-powered vulnerability discovery and automated patching for open-source code

Corgea

AI-powered code security fix generator for developer workflows

Grafana Synthetic Monitoring

Synthetic monitoring for websites, APIs, and user flows from global locations

JFrog Pipelines

Sunset CI/CD automation platform integrated with JFrog Artifactory

iScan Advanced Scanning Tool

Scans repositories for exposed secrets, API keys, and credentials for bug bounty

Octoscan

Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.

GitHub Actions Attack Diagram

A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.

StepSecurity CI/CD Security

CI/CD security platform for GitHub Actions with runtime threat detection

gitGraber

Monitor GitHub for sensitive data

Webanalyze

An automated tool for identifying technologies used on websites with mass scanning capabilities, based on the Wappalyzer detection engine.

GitRob

A reconnaissance tool for GitHub organizations

Secret Bridge

Secret Bridge monitors GitHub repositories to detect and alert on leaked secrets and sensitive data exposure.

GitGot

A tool for identifying sensitive secrets in public GitHub repositories

ParamPamPam

ParamPamPam is an open-source tool that detects and exploits web application vulnerabilities using fuzzing, SQL injection, and XSS techniques.

Ayehu Custom Activities Contribution Guide

A contribution guide that provides guidelines and instructions for developers to contribute custom activities to the Ayehu IT automation platform through GitHub pull requests.

Allstar

Allstar is a GitHub App that continuously monitors repositories and organizations for security policy violations, creating alerts when best practices are not followed.

Gato

A tool for enumerating and attacking GitHub Actions pipelines

MalShare.com

A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.

GitMiner

A powerful tool for searching and scraping data from GitHub

Contribution Guidelines

Standardized contribution guidelines for maintaining quality cybersecurity tool repositories and community-curated lists.

CloudSploit by Aqua

CloudSploit by Aqua is an open-source multi-cloud security scanning tool that detects security risks and compliance issues across AWS, Azure, GCP, OCI, and GitHub platforms.

tiq-test

A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.