CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Updated Dec 9, 2025 - Go
GitHub Action for security scanning utilizing Salus by Coinbase
This repo contains the technology stack and its usage for software supply chain security of a Java application
How to secure your development pipeline with static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) using SonarQube.
Sheriff is a tool to scan repositories and generate security reports.
Static code analysis of software licenses
🛡 Scan GitHub repositories for dependency vulnerabilities using OSV database. Supports npm, PyPI, RubyGems, Go, and PHP.
CLI Vulnify - Scans your projects looking for vulnerabilities.
CSI Red Alert - Scan your Repository and Docker Images on a daily basis. Create & Close the issues in your Gitlab Instance automatically. Notify on Slack with a summary on all new vulnerabilities.
SecureFlow-CI-CD demonstrates a CI/CD pipeline using GitHub Actions to perform security checks and analyses on a Python project.
🏥🛡️ Automated NuGet vulnerability scanner & updater for .NET. Smart dependency patching with compatibility testing. Keep your packages safe & current. 🔒
FastHTML app to audit GitHub users/orgs for vulnerable dependencies using OSV data.
🤖 Globomantics Robot Fleet Manager - Educational demo with vulnerable dependencies for GitHub Advanced Security training. Tim Warner's Pluralsight Dependency Review course. Learn more: https://pluralsight.com
SentinelGuard is a full-featured vulnerability scanner for Python projects. It analyzes source code, dependencies, and secrets in a unified desktop interface.
Create GitLab compatible dependency scanning report from npm audit
Scan for vulnerabilities and trace their usage in your source code
One POST, instant CVE impact for your SBOM. Give us a lightweight component list (npm / PyPI today), and get back the exact vulnerabilities and the minimal fixed versions you need to patch. Built for CI pipelines, PR checks, and SRE/AppSec dashboards.
A reusable GitLab CI/CD template for automated security scanning, including secrets detection (Gitleaks, Trufflehog), dependency vulnerabilities (Trivy), SAST (Semgrep, SonarQube), DAST (OWASP ZAP), and a consolidated security dashboard. Include this in your gitlab-ci.yml for DevSecOps.
Agentic AI for DevSecOps: Transforming Security with GitHub Advanced Security and GitHub Copilot. GitHub Advanced Security - DevSecOps Guidelines - Unified visibility into DevOps security posture. DevSecOps E2E Demos.