A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.
Static Value-Flow Analysis Framework for Source Code
🎯 Server Side Template Injection Payloads
Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter.
Prevent merging of malicious code in pull requests
🎯 CSV Injection Payloads
Django application that performs SAST and Malware Analysis for Android APKs
Focused malicious code detection ruleset, with a high protection-to-noise ratio
#Large language model# The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.
#Large language model# AI code generation and improvement
Monitor your code for exposed API keys, tokens, credentials, and high-risk security IaC misconfigurations
Codeaudit - Modern Python source code analyzer based on distrust.
Official documentation for Gitsecure
How to secure your development pipeline with static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) using SonarQube.
#Large language model# Contexi lets you interact with an entire codebase or data set, with context, using a local LLM on your system.
PyGitGuard is a Git security scanner designed to prevent accidental commits of sensitive data by scanning for:
Securing your Code with GitHub workshop
ESLint backbone repository for workshop
Lightweight Rust CLI vulnerability scanner
#Large language model# AI-powered, browser-based vulnerability scanner that uses UniXcoder embeddings and RAG with an LLM to detect security flaws across 9 languages.