A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
Static Value-Flow Analysis Framework for Source Code
🎯 Server Side Template Injection Payloads
Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
Django application that performs SAST and Malware Analysis for Android APKs
🎯 CSV Injection Payloads
Prevent merging of malicious code in pull requests
Focused malicious code detection ruleset, with a high protection-to-noise ratio
#Large Language Model# The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.
Monitor your code for exposed API keys, tokens, credentials, and high-risk security IaC misconfigurations
Official documentation for Gitsecure
#Large Language Model# AI code generation and improvement
#Large Language Model# Contexi lets you interact with an entire codebase or data set, with context, using a local LLM on your system.
Github action to run PyCQA's bandit security linter.
ESLint backbone repository for workshop
The only tool your project needs to ensure security and quality. Open-source and free.
Complete DevOps CI/CD project with Documented Walkthrough
Code security analyzer for Python, JavaScript, Java vulnerabilities.
SonarQube Community with a PostgreSQL database on Docker
#Natural Language Processing# Text and static analysis of Java's Common Vulnerabilities and Exposures.