All activity
The fully open source code analysis engine. Quickly analyze large code bases & fix security issues at scale.
Initiated by 10 rival security orgs, Opengreps promises to advance and commoditize static code security for the free use of all.
OpengrepThe open source code security engine
There are risks inherent in writing code. Risky third party packages, Infrastructure-as-code risks, and more. Arnica feeds developers AI generated recommendations, as they push code, to eliminate risks from ever finding their way into production.
AI-based code risk mitigationsAuto generate AppSec risk mitigation recs for developers
Moshe Dahanleft a comment
Excellent initiative! One enhancement request. Add a popup after a few seconds that shows a text box next to it with a "why is it here?" info box. It will be helpful for people to understand the context and click on the learn more link.
Stand with Israel WidgetVoice your stand against terror with a simple widget
GitGoat is an open source tool built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repos without a risk to your production data.
GitGoatIntentionally Misconfigured GitHub User + Repo + Teams Data
Software supply chain attacks have caught the security community off-guard. Arnica, starting with GitHub & Azure DevOps, addresses the two primary root causes:
1) 🪄 excessive permissions to developer tools
2) 🥸 lack of abnormal behavior detection
1) 🪄 excessive permissions to developer tools
2) 🥸 lack of abnormal behavior detection
ArnicaBehavior based software supply chain security