4 Repos
Identifying the use of dangerous, deprecated, or forbidden functions and packages in source code.
Distinct from Function Call Tracking: Candidates relate to AI function calling or test tracking, not security-based API auditing.
Explore 4 awesome GitHub repositories matching security & cryptography · Insecure API Detection. Refine with filters or upvote what's useful.
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
Identifies dangerous or deprecated API usage by matching package selectors and identifiers within source code.
Zizmor is a security linter and static analysis tool designed to audit GitHub Actions workflow files. It functions as a CI/CD security scanner that identifies security vulnerabilities, misconfigurations, and software supply chain risks within automation pipelines. The project distinguishes itself by providing an automated workflow remediator that applies security fixes to identified vulnerabilities. It also implements a language server for integration with code editors and supports a variety of analysis personas to scale the sensitivity and volume of reported findings. The tool covers a broa
Flags the explicit enablement of deprecated and insecure workflow commands via environment variables.
PurpleLlama is a collection of security toolsets and frameworks designed to audit large language model vulnerabilities and implement runtime input-output guardrails. It provides a security evaluation framework and benchmark suite to quantify risks associated with prompt injections and the generation of malicious code. The project includes a content moderator and input-output filters that use a standardized taxonomy to identify and block harmful content, jailbreaking attempts, and insecure commands. It also features capabilities for sensitive document classification to prevent the unauthorized
Performs security scans of generated code during execution to prevent insecure suggestions and malicious command execution.
PurpleLlama is a collection of security components and toolkits designed for large language models. It provides specialized systems including a code security scanner, a content moderation system, a prompt injection firewall, and a security assessment toolkit. The project enables the identification and blocking of jailbreaking attempts and malicious prompts during model inference. It includes capabilities for detecting violating content across multiple languages and modalities and scanning generated code for vulnerabilities to prevent the execution of insecure commands. The framework further
Filters AI-generated code at execution time to block malicious or insecure system commands.