7 Repos
Tools for identifying vulnerabilities and enforcing secure coding practices.
Explore 7 awesome GitHub repositories matching part of an awesome list · Code Security. Refine with filters or upvote what's useful.
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
Automates detection and exploitation of SQL injection flaws.
TabNine is an AI-powered code completion engine that runs a deep-learning model to generate real-time code suggestions across all programming languages. It operates as an editor plugin that communicates with a backend through a JSON message-passing interface, processing code entirely on the local machine or within a private cloud to keep source code secure and private. The system provides a completion request API that accepts cursor context and returns ranked text completions, with features for configuring completion regions, prefetching files for indexing, and managing binary versions and up
Runs code completion entirely on-device or in a private cloud to prevent source code from leaving your controlled environment.
Bandit is a static analysis security testing tool and vulnerability detection scanner for Python source code. It functions as a security-focused linter and static analyzer that identifies common vulnerabilities and architectural flaws without executing the program. The tool utilizes an abstract syntax tree to analyze code patterns and identifies risky function calls or insecure configurations. It employs a plugin-based rule engine to decouple scanning logic from individual security checks and supports configuration-driven filtering to exclude specific files or ignore certain warnings. The sy
Finds common security issues in source code.
detect-secrets is a modular secret scanning tool that identifies hard-coded credentials and sensitive information in source code. It combines multiple detection strategies—regular expression pattern matching, Shannon entropy calculation, and a machine learning classifier—to find potential secrets, and uses a baseline-driven delta analysis to distinguish newly introduced secrets from pre-existing ones, reducing noise from legacy credentials. The tool integrates directly into development workflows through a git pre-commit hook that blocks commits introducing unbaselined secrets, and can be inco
Prevents accidental commits of sensitive credentials and secrets.
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
Checks dependencies for known security vulnerabilities.
This project provides a comprehensive framework for building, deploying, and orchestrating autonomous agents within a decentralized network. It serves as a collection of patterns and examples for developing intelligent software entities capable of performing complex tasks, making decisions, and interacting with other agents to achieve shared goals. The framework distinguishes itself through its focus on multi-agent orchestration and decentralized communication. It enables the coordination of specialized agent teams that collaborate on workflows through structured messaging protocols, allowing
Scans source code for vulnerabilities using language models to provide structured security reports.
Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.
Encourages secure coding practices through static analysis.