Octoscan
Octoscan is a static vulnerability scanner designed specifically for GitHub action workflows. It analyzes workflow files to identify potential security risks and misconfigurations. The tool offers various functionalities: 1. Downloading remote workflows from GitHub repositories for analysis. 2. Scanning local or downloaded workflows for vulnerabilities. 3. Implementing multiple security rules to detect issues such as dangerous checkouts, expression injections, and known vulnerabilities. 4. Providing options to customize scans, including enabling/disabling specific rules and filtering triggers. 5. Offering different output formats, including JSON, for easy integration into security pipelines. Octoscan helps security teams and developers identify and mitigate risks in their CI/CD pipelines, focusing on GitHub Actions-specific vulnerabilities and best practices.
FEATURES
ALTERNATIVES
Websecurify provides efficient ways to protect organizations with sophisticated technology and expert consultancy.
An insecure web application with multiple vulnerable web service components for learning real-world web service vulnerabilities.
A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL
AWS Web Application Firewall (WAF) for protecting web applications from common exploits.
Protect your Fastify server against CSRF attacks with a series of utilities and recommendations for secure application development.
A brute-force protection middleware for express routes that rate-limits incoming requests.
A tool for building and installing PhoneyC with optional Python version configuration and root privileges.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.