Octoscan

Octoscan is a static vulnerability scanner designed specifically for GitHub Actions workflows. It analyzes workflow files to identify potential security risks and misconfigurations. The tool offers the following functionality:

1. Downloading remote workflows from GitHub repositories for analysis.
2. Scanning local or downloaded workflows for vulnerabilities.
3. Applying multiple security rules to detect issues such as dangerous checkouts, expression injections, and known vulnerabilities.
4. Providing options to customize scans, including enabling or disabling specific rules and filtering by trigger.
5. Offering different output formats, including JSON, for easy integration into security pipelines.

Octoscan helps security teams and developers identify and mitigate risks in their CI/CD pipelines, focusing on GitHub Actions-specific vulnerabilities and best practices.

FEATURES

ALTERNATIVES

Emulates browser functionality to detect exploits targeting browser vulnerabilities.

API security platform that combines discovery, testing, and monitoring capabilities to identify and protect against API vulnerabilities throughout the development lifecycle.

Application monitoring and security platform that provides runtime visibility, threat detection, and automated response capabilities for application-layer security.

IDAPython plugin for generating Yara rules/patterns from x86/x86-64 code through parameterization.

A set of 48 practical programming exercises in cryptography and application security.

A developer-first, API-driven platform that provides development teams with a suite of tools to improve code quality, security, and engineering performance, seamlessly integrated into their existing development workflows.

Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.

A browser with XSS detection capabilities.