Payments for Ruby on Rails apps
-
Updated
Apr 5, 2022 - Ruby
#
sca
Here are 86 public repositories matching this topic...
Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
log4j
scanner
detector
cybersecurity
pentest
sca
vulnerability-scanner
cve-2021-44228
log4shell
cve-2021-45046
cve-2021-45105
-
Updated
Mar 10, 2022 - Java
prabhu
commented
Feb 1, 2020
Currently, NVD_START_YEAR is configurable with a default value of 2018. The tool should recommend a start year based on the oldest CVE found. If a CVE belonging to the year 2018 is found then the scan should recommend a re-scan with start year of 2017 (Previous year)
This can be implemented in the analysis module.
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
A simple Java command-line utility to mirror the CVE JSON data from NIST.
-
Updated
Apr 4, 2022 - Java
xuxiaowei-com-cn
commented
Apr 1, 2022
good first issue
Good for newcomers
rezoan
commented
Jul 14, 2021
In my ubuntu 20.04.2.0, i have python 2.7.18 and pip3 20.0.2.
I was trying to install prancer-basic via pip3 install prancer-basic
It get installed successfully with below warning:
WARNING: The scripts populate_json, prancer, register_key_in_azure_vault, terraform_to_json and validator are installed in '/home/r4redu/.local/bin' which is not on PATH.
Consider adding this director
用于检测maven项目的第三方依赖组件是否存在安全漏洞。
-
Updated
Dec 1, 2021 - Java
Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.
-
Updated
Mar 28, 2022 - JavaScript
A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.
snyk
vulnerability-databases
component-analysis
sca
software-composition-analysis
practical-devsecops
-
Updated
Jun 21, 2021
Open
When we display package manifest and lock files, hyperlink to the upstream package repo web page
3
pombredanne
commented
Feb 24, 2022
When we display a package manifest or lockfile in the resource details, we should have a way to add a hyperlink to the upstream repository web page for this repo: for instance when we browse a requirements.txt lockfile, if it contains: scancode-toolkit==30.0.1 we should recognize this and link to https://pypi.org/project/scancode-toolkit/30.1.0/
We can parse manifests alright and we can creat
Detections for CVE-2021-44228 inside of nested binaries
-
Updated
Dec 18, 2021 - YARA
Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.
-
Updated
Jan 21, 2022 - Python
A simple Java command-line utility to mirror the entire contents of VulnDB.
-
Updated
Mar 17, 2022 - Java
Python Elliptic Curve Side-Channel Analysis toolkit.
-
Updated
Apr 4, 2022 - Python
用于检测composer项目的第三方依赖组件是否存在安全漏洞。
-
Updated
Mar 17, 2022 - PHP
Checkmarx Scan Github Action
security
scanning
appsec
sca
sast
osa
checkmarx-sast
github-actions
checkmarx
security-vulnerabilities
checkmarx-server
-
Updated
Apr 4, 2022 - JavaScript
用于检测 node 项目的第三方依赖组件是否存在安全漏洞。
-
Updated
Mar 22, 2022 - TypeScript
Payment Gateway Microservice in Golang
go
golang
stripe
stripe-api
gateway
intent
intents
stripe-payments
gateway-microservice
sca
fca
psd2
payment-gateway-microservice
payment-intent
-
Updated
Mar 5, 2022 - Go
-
Updated
Jan 26, 2022 - Java
Using PyRaider You can scan installed dependencies known security vulnerabilities. It uses publicly known exploits, vulnerabilities database.
python
security
dependency-analysis
supply-chain
pip
vulnerabilities
vulnerability-detection
sca
vulnerability-scanners
security-tools
devsecops
pipenv
developer-tool
devsecops-pipeline
-
Updated
Mar 27, 2022 - Python
Warning. DISCONTINUED. SCANOSS Quickscan is a tool that demonstrates scanning source code against osskb.org. SCANOSS Quickscan scans source code against a knowledge base representing the entire OSS community. DISCONTINUED.
-
Updated
Nov 28, 2021 - JavaScript
Improve this page
Add a description, image, and links to the sca topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the sca topic, visit your repo's landing page and select "manage topics."
The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number