The security helper tool was created to help you reduce the probability of a security violation in a new code, infrastructure or IAM configuration by providing a fast and easy tool to conduct preliminary security check as early as possible within your development process. It is not a replacement of a human review nor standards enforced by your team/customer. It uses light, open source tools to maintain its flexibility and ability to run from anywhere. ASH is cloning and running different open-source tools, such as: git-secrets, bandit, Semgrep, Grype, Syft, nbconvert, npm-audit, checkov, cdk-nag and cfn-nag. Please review the tools LICENSE before usage. ASH change advisory: We are currently working on a re-architecture of ASH targeting a single-container architecture as well as documentation to go along with it. Supported frameworks: The security helper supports
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.