Flyingduck
Flyingduck is a security analysis platform that integrates multiple application security testing capabilities into the software development lifecycle. The platform implements several key security features: - Static Application Security Testing (SAST) for analyzing source code during development - Software Composition Analysis (SCA) for identifying vulnerabilities in direct and transitive dependencies - Software Bill of Materials (SBOM) generation for tracking software components - Secrets detection to identify exposed sensitive information like API keys and credentials - AI-assisted vulnerability remediation providing actionable fix recommendations The tool integrates into CI/CD pipelines and performs security scanning at the commit stage, enabling early vulnerability detection. It analyzes active code paths to identify security issues and provides developers with: - Vulnerability assessment reports with Common Vulnerability Code references - Dependency upgrade guidance - Compliance checking capabilities - GitHub repository scanning - Code security best practices recommendations The platform focuses on shift-left security practices by incorporating security testing early in the development process rather than post-deployment.
FEATURES
SBOM
SCA
SAST
SECRETS
COMMIT-ANALYSIS
EARLY STAGE DETECTION
EXPLORE BY TAGS
SIMILAR TOOLS
A tool for identifying potential security vulnerabilities in dependency configurations by checking for lingering free namespaces for private package names.
Curiefense is an application security platform that protects against various threats and offers community involvement.
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
Snyk Code is a real-time SAST tool that provides secure code analysis and actionable remediation advice to prevent code delays and ensure secure development.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
An API security and governance platform that provides discovery, security testing, compliance monitoring and lifecycle management capabilities for enterprise API implementations.
A Windows Kernel driver intentionally vulnerable to help improve skills in kernel-level exploitation.
A deliberately weak and insecure implementation of GraphQL for testing and practicing GraphQL security
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.