lockfile-lint is a tool that helps developers lint their lockfiles to ensure they adhere to pre-defined security policies and mitigate the risk of malicious packages being injected into the lockfile. Lockfiles are used as a trusted manifest of resources to fetch packages from, but keeping track of changes to lockfiles can be challenging as they are designed to be consumed by machines. The tool can be easily invoked using the npx command and can lint both yarn.lock and npm-shrinkwrap.json files. It checks the lockfile against a set of predefined security policies, such as ensuring that only trusted package hosts are used and that HTTPS is used for all package downloads. If the lockfile passes the lint checks, the tool will report no issues. If it detects any exceptions to the security policies, it will report them, allowing developers to address the issues and ensure the integrity of their lockfile. lockfile-lint can be used as a standalone CLI tool or as a programmatic API library, making it easy to integrate into existing development workflows, such as pre-commit hooks or CI/CD pipelines.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.
Yaramod is a library for parsing YARA rules into AST and building new YARA rulesets with C++ programming interface.
A tool for dynamic analysis of mobile applications in a controlled environment.
A PHP/MySQL web application designed to aid security professionals in testing their skills and tools in a legal environment.
XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.
Application security platform that combines SAST and SCA with runtime intelligence to validate vulnerability exploitability and provide contextual remediation guidance.
Python-based web server framework for setting up fake web servers and services with precise data responses.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.