Repos: 14
Stars: 0
Forks: 0
Top Language: TypeScript
Repositories (14)
Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server.
No description provided.
No description provided.
🐍 🔍 GuardDog is a CLI tool to identify malicious PyPI and npm packages
Inference code for CodeLlama models
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
A collection of Semgrep rules derived from the OWASP MASTG specifically for Android applications.
Protect and discover secrets using Gitleaks 🔑
Collection of tools for analyzing open source packages.
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Fully open-source security audit based on known vulnerabilities and advisories for project dependencies. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, and Google CloudBuild. No server is required!
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
🔐 CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!