Allstar is a GitHub App designed to continuously monitor GitHub organizations and repositories for compliance with security best practices. The tool automatically detects security policy violations within GitHub environments and creates issues to notify repository or organization owners of potential security concerns. Allstar provides granular control over security monitoring by allowing users to specify which files and settings should be monitored for security compliance. Users can configure security policies at both the organization and repository levels, with customizable handling of policy violations. The application supports extensibility through the development and contribution of new security policies. Organizations can tailor the monitoring scope to their specific security requirements and choose appropriate response actions when violations are detected. Allstar operates as part of the OpenSSF (Open Source Security Foundation) organization, focusing on improving security practices across GitHub-hosted projects through automated monitoring and alerting capabilities.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A Nuxt 3 security module that automatically implements OWASP security patterns through HTTP headers, middleware, and various protection mechanisms including CSP, XSS validation, CORS, and CSRF protection.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.
A deliberately vulnerable Java web application designed for educational purposes to teach web application security concepts and common vulnerabilities.
Bearer CLI is a static application security testing tool that scans source code across multiple programming languages to identify and prioritize OWASP Top 10 and CWE Top 25 security vulnerabilities through data flow analysis.
RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.