sast-scan: Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Misconfigurations:
legitify: Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. Scan free up to 4mb repositories.
GitHub actions:
harden-runner: Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
generic: A set of GitHub actions for checking your projects for vulnerabilities
Container and/or cloud specific:
kube-bench: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
retirejs: A scanner detecting the use of JavaScript libraries with known vulnerabilities. Also generates an SBOM of the libraries it finds.
npm audit: This built-in npm command checks for vulnerabilities in your installed packages.
installed-check: This tool verifies that installed modules comply with the requirements specified in package.json, ensuring that you are not using incompatible or potentially insecure versions of dependencies.
node-version-audit: Node Version Audit is a convenience tool to easily check a given Node.js version against a regularly updated list of CVE exploits, new releases, and end of life dates.
better-npm-audit: The goal of this project is to provide additional features on top of the existing npm audit options. We hope to encourage more people to do security audits for their projects.
nodejsscan: a static security code scanner for Node.js applications.
lavamoat: tools for sandboxing your dependency graph.
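As an added example, not part of this issue or of any of the listed projects: a small Node script that applies the kind of policy better-npm-audit layers on top of npm audit (a severity threshold plus time-boxed exceptions for specific advisories) to the JSON report that `npm audit --json` emits. The report, advisory numbers and package names below are constructed for illustration; the only assumption about real npm is the `auditReportVersion: 2` shape used by npm 7 and later, where each entry under `vulnerabilities` carries its own `severity` and a `via` array that mixes advisory objects (with a numeric `source` id) with plain strings naming the dependency the problem is inherited through.

```javascript
// Added example, not code from the issue or from better-npm-audit/npm.
// A CI gate over `npm audit --json` output: fail on findings at or above a
// severity threshold, but honour time-boxed exceptions for known advisories.

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample report in the npm 7+ (auditReportVersion 2) shape.
// Package names and advisory ids (`source`) are made up.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-left-pad": {
      name: "example-left-pad", severity: "high", isDirect: false,
      via: [{ source: 1000001, title: "Prototype pollution (constructed)", severity: "high", range: "<1.2.3" }],
      effects: ["example-cli"], range: "<1.2.3",
      nodes: ["node_modules/example-left-pad"], fixAvailable: true,
    },
    "example-cli": {
      // Inherits its finding through example-left-pad: `via` is a string, not an advisory.
      name: "example-cli", severity: "high", isDirect: true,
      via: ["example-left-pad"], effects: [], range: "*",
      nodes: ["node_modules/example-cli"], fixAvailable: true,
    },
    "example-dev-linter": {
      name: "example-dev-linter", severity: "moderate", isDirect: true,
      via: [{ source: 1000002, title: "ReDoS (constructed)", severity: "moderate", range: "<2.0.0" }],
      effects: [], range: "<2.0.0",
      nodes: ["node_modules/example-dev-linter"], fixAvailable: true,
    },
    "example-parser": {
      name: "example-parser", severity: "critical", isDirect: false,
      via: [{ source: 1000003, title: "RCE via crafted input (constructed)", severity: "critical", range: "<0.9.1" }],
      effects: [], range: "<0.9.1",
      nodes: ["node_modules/example-parser"], fixAvailable: false,
    },
  },
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 1, high: 2, critical: 1, total: 4 } },
};

// Hypothetical policy: block on high/critical, except advisory 1000001 until the
// given date. Expired exceptions are ignored so suppressions cannot live forever.
const POLICY = {
  failOn: "high",
  exceptions: {
    1000001: { expires: "2099-01-01", reason: "fix blocked on upstream major release" },
  },
};

// Resolve every advisory id behind a package's entry, following `via` strings
// (dependency names) to their own entries. `seen` guards against cycles.
function advisoryIds(report, name, seen = new Set()) {
  if (seen.has(name)) return [];
  seen.add(name);
  const entry = report.vulnerabilities[name];
  if (!entry) return [];
  const ids = [];
  for (const v of entry.via) {
    if (typeof v === "string") ids.push(...advisoryIds(report, v, seen));
    else ids.push(v.source);
  }
  return ids;
}

// A finding is excepted only if every advisory behind it has a live exception.
function isExcepted(policy, ids, today) {
  return ids.length > 0 && ids.every((id) => {
    const ex = policy.exceptions[id];
    return Boolean(ex) && new Date(ex.expires) > today;
  });
}

function evaluateAudit(report, policy, today = new Date()) {
  const threshold = SEVERITY_RANK[policy.failOn];
  const result = { ok: true, blocking: [], excepted: [], belowThreshold: [] };
  for (const [name, entry] of Object.entries(report.vulnerabilities)) {
    // Unknown severity strings fail closed rather than slipping past the gate.
    const rank = SEVERITY_RANK[entry.severity] ?? SEVERITY_RANK.critical;
    if (rank < threshold) { result.belowThreshold.push(name); continue; }
    if (isExcepted(policy, advisoryIds(report, name), today)) result.excepted.push(name);
    else result.blocking.push(name);
  }
  result.ok = result.blocking.length === 0;
  return result;
}

// Stand-alone run against the constructed report.
console.log(JSON.stringify(evaluateAudit(SAMPLE_REPORT, POLICY), null, 2));
```

In a pipeline you would replace `SAMPLE_REPORT` with `JSON.parse(fs.readFileSync("audit.json"))` after `npm audit --json > audit.json`, and exit non-zero when `ok` is false. Exceptions are keyed on the advisory id rather than the package name so that a package that only inherits the finding through a dependency (a string `via`) is covered by the same exception as the package that actually carries the advisory, and nothing else is.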