Octoscan is a static vulnerability scanner designed specifically for GitHub Actions workflows. It analyzes workflow files to identify potential security risks and misconfigurations. The tool offers various functionalities:

1. Downloading remote workflows from GitHub repositories for analysis.
2. Scanning local or downloaded workflows for vulnerabilities.
3. Implementing multiple security rules to detect issues such as dangerous checkouts, expression injections, and known vulnerabilities.
4. Providing options to customize scans, including enabling/disabling specific rules and filtering triggers.
5. Offering different output formats, including JSON, for easy integration into security pipelines.

Octoscan helps security teams and developers identify and mitigate risks in their CI/CD pipelines, focusing on GitHub Actions-specific vulnerabilities and best practices.

ALTERNATIVES

AWS Web Application Firewall (WAF) for protecting web applications from common exploits.

XSS Polyglot Challenge - XSS payload running in multiple contexts for testing XSS.

Automatic tool for pentesting XSS attacks against different applications

Protect your Fastify server against CSRF attacks with a series of utilities and recommendations for secure application development.

A developer-first, API-driven platform that provides development teams with a suite of tools to improve code quality, security, and engineering performance, seamlessly integrated into their existing development workflows.

ConDroid performs concolic execution of Android apps to observe 'interesting' behavior in dynamic analysis.