A GitHub Security Lab initiative, providing an in-repo learning experience, where learners secure intentionally vulnerable code.

Static Value-Flow Analysis Framework for Source Code

🎯 Server Side Template Injection Payloads

Django application that performs SAST and Malware Analysis for Android APKs

🎯 CSV Injection Payloads

Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code quality and SAST checkers. Based on tree-sitter.

The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks.

Monitor your code for exposed API keys, tokens, credentials, and high-risk security IaC misconfigurations

ImportSpy is a lightweight Python library that gives developers proactive control over how their code is used when imported by other modules.

Official documentation for Gitsecure

Contexi let you interact with entire codebase or data with context using a local LLM on your system.

SAST Scanner Modified - Fully open-source SAST scanner supporting a range of languages and frameworks. Integrates with major CI pipelines and IDE such as Azure DevOps, Google CloudBuild, VS Code and Visual Studio. No server required!

Github action to run PyCQA's bandit security linter.

ESLint backbone repository for workshop

Complete DevOps CI/CD project with Documented Walkthrough

The only tool your project needs to ensure security and quality. Open-source and free.

Code security analyzer for Python, JavaScript, Java vulnerabilities.

Sonarqube community with postgreSQL database on docker

Text and Static Analysis of Java's Common Vulnerabilities and Exposures.

CodeScan: A Bash script for identifying potential security vulnerabilities in source code. Scan and find common patterns associated with risks like remote code execution. Get a detailed report on potential issues. Enhance your code security.