All activity
The fully open source code analysis engine. Quickly analyze large code bases & fix security issues at scale.
Initiated by 10 rival security orgs, Opengreps promises to advance and commoditize static code security for the free use of all.
Opengrep
The open source code security engine
There are risks inherent in writing code. Risky third party packages, Infrastructure-as-code risks, and more. Arnica feeds developers AI generated recommendations, as they push code, to eliminate risks from ever finding their way into production.
AI-based code risk mitigations
Auto generate AppSec risk mitigation recs for developers
Moshe Dahan
left a comment
Excellent initiative!
One enhancement request. Add a popup after a few seconds that shows a text box next to it with a "why is it here?" info box. It will be helpful for people to understand the context and click on the learn more link.
Stand with Israel Widget
Voice your stand against terror with a simple widget
GitGoat is an open source tool built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repos without a risk to your production data.
GitGoat
Intentionally Misconfigured GitHub User + Repo + Teams Data
Software supply chain attacks have caught the security community off-guard. Arnica, starting with GitHub & Azure DevOps, addresses the two primary root causes:
1) 🪄 excessive permissions to developer tools
2) 🥸 lack of abnormal behavior detection
1) 🪄 excessive permissions to developer tools
2) 🥸 lack of abnormal behavior detection
Arnica
Behavior based software supply chain security