# GraphQL API Security Scanners

> Search results for `test GraphQL APIs for security misconfigurations` on awesome-repositories.com. 107 total matches; showing the first 50.

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/test-graphql-apis-for-security-misconfigurations).**

## Results

- [graphql/graphql-js](https://awesome-repositories.com/repository/graphql-graphql-js.md) (20,397 ⭐) — This project is the JavaScript reference implementation of the GraphQL specification. It provides a query engine and schema parser designed to parse, validate, and execute queries to retrieve or mutate data based on a defined schema.

  The implementation includes a framework for mapping codebase structures to a strongly typed system and a tool for converting query strings into abstract syntax trees for programmatic analysis.

  The library covers the full surface of GraphQL API implementation, including schema definition, language parsing, and query validation. It provides the necessary infrastructure for server development, utilizing a recursive execution engine and resolver-based data fetching to process requests.
- [graphql-java/graphql-java](https://awesome-repositories.com/repository/graphql-java-graphql-java.md) (6,232 ⭐) — GraphQL Java implementation
- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

  The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions.

  The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources.

  This project is implemented primarily as a shell-based application.
- [chentsulin/awesome-graphql](https://awesome-repositories.com/repository/chentsulin-awesome-graphql.md) (14,975 ⭐) — Awesome GraphQL is a curated directory and resource collection for the GraphQL ecosystem. It serves as a central index for developers to discover libraries, tools, and specifications required for building, testing, and managing data layer implementations across various programming languages.

  The repository provides access to a comprehensive range of utilities that support the entire GraphQL lifecycle. This includes resources for server-side API development, client-side integration, and schema management. It also highlights tools for security enforcement, such as rate limiting and input validation, as well as diagnostic utilities for API validation, performance testing, and schema visualization.
- [elysiajs/elysia](https://awesome-repositories.com/repository/elysiajs-elysia.md) (18,531 ⭐) — Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments.

  The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the server and client. It features a sophisticated plugin system that enables granular control over the request lifecycle, allowing for scoped validation, dependency injection, and shared state management. Additionally, it includes built-in support for real-time communication via WebSockets and provides automated generation of interactive API documentation directly from server routes.

  Beyond its core routing and validation capabilities, the framework offers a comprehensive suite of tools for managing the request-response lifecycle, including custom payload parsing, reactive cookie management, and streaming responses. It also integrates observability features such as request tracing and performance monitoring, alongside testing utilities that allow for in-memory request simulation without requiring a live network connection.

  The project is designed for flexibility in deployment, supporting everything from standard server environments to serverless and edge platforms, with options for bundling applications into portable binaries.
- [apache/apisix](https://awesome-repositories.com/repository/apache-apisix.md) (16,767 ⭐) — This project is a high-performance, distributed API gateway designed to manage, secure, and observe traffic for microservices, serverless functions, and artificial intelligence model providers. It functions as a dynamic service proxy and cloud-native ingress controller, centralizing policy enforcement and traffic routing through a unified configuration interface that synchronizes state across multiple nodes in real time.

  The platform distinguishes itself through a highly extensible architecture that utilizes a high-performance scripting engine to execute modular logic directly within the request lifecycle. It provides specialized capabilities for modern AI workflows, including model request proxying, token-based budget enforcement, content moderation, and agentic workflow tracing. Furthermore, it supports complex multi-protocol environments by bridging diverse communication standards, including gRPC and various binary protocols, without requiring additional sidecar processes.

  Beyond its core proxying functions, the gateway offers a comprehensive suite of traffic management and security tools. It handles authentication and authorization through multiple strategies, including token validation and identity provider integration, while maintaining granular control over TLS policies and secret management. The system also provides robust observability through distributed tracing, metrics exporting, and detailed request logging, ensuring visibility into both standard API traffic and complex AI-driven interactions.

  The software is designed for containerized environments and can be deployed using standard container images, with full support for translating Kubernetes ingress resources into live routing rules.
- [swisskyrepo/payloadsallthethings](https://awesome-repositories.com/repository/swisskyrepo-payloadsallthethings.md) (78,434 ⭐) — This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing.

  The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data integrity and collaborative growth by utilizing version-controlled knowledge management and template-driven content generation, ensuring that the research remains current and consistent across a wide range of technical domains.

  The project covers a broad capability surface, including detailed references for web application security, database injection, insecure deserialization, and AI model security testing. It also aggregates external resources, such as research papers and third-party tools, to provide a holistic view of modern threat analysis and defensive research.

  The documentation is organized as a hierarchical tree of markdown files, designed for easy navigation and reference during active security engagements.
- [akto-api-security/akto](https://awesome-repositories.com/repository/akto-api-security-akto.md) (1,486 ⭐) — Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
- [hoppscotch/hoppscotch](https://awesome-repositories.com/repository/hoppscotch-hoppscotch.md) (79,618 ⭐) — Hoppscotch is an open-source API development ecosystem designed for building, testing, and debugging REST, GraphQL, and real-time APIs. It provides a unified platform that functions across web browsers, desktop applications, and command-line interfaces, allowing developers to manage the entire API lifecycle from a single environment.

  The platform distinguishes itself through a highly interactive, command-driven interface that utilizes a global spotlight palette and keyboard shortcuts to streamline complex workflows. It supports advanced request manipulation and validation by executing JavaScript-based scripts and assertions within a sandboxed runtime. Furthermore, it integrates AI-assisted tools to automate the generation of request payloads, test scripts, and documentation, while maintaining compatibility with existing API definitions and collections from other formats.

  Beyond core testing capabilities, the project offers a collaborative workspace for teams to organize, share, and synchronize API collections and environment variables. It includes robust support for diverse authorization methods, proxy interception for network requests, and enterprise-grade features such as SCIM user provisioning and activity auditing. The software is available for self-hosted deployment via containerized architectures, ensuring consistent behavior across various production and development environments.
- [jaegeral/security-apis](https://awesome-repositories.com/repository/jaegeral-security-apis.md) (982 ⭐) — A collective list of public APIs for use in security. Contributions welcome
- [owasp/top10](https://awesome-repositories.com/repository/owasp-top10.md) (5,273 ⭐) — This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws.

  The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in depth across the entire software lifecycle.

  The project covers a broad surface of security capabilities, including identity and access management, API security hardening, and software supply chain security. It also provides guidance on secure software development, security compliance auditing, and the integration of threat modeling and code reviews into the development process.
- [jgcmarins/graphql-ufc-api](https://awesome-repositories.com/repository/jgcmarins-graphql-ufc-api.md) (0 ⭐) — GraphQL Server on top of UFC REST API.
- [bearer/bearer](https://awesome-repositories.com/repository/bearer-bearer.md) (2,566 ⭐) — Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing.

  The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports.

  The platform covers a broad range of security domains, including injection flaws, cross-site scripting, weak cryptography, and insecure network configurations. It further includes capabilities for secrets detection and the generation of structured security and privacy compliance reports.

  Integration is supported via a pipeline scanner that manages process exit codes for CI/CD automation.
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

  The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations against compliance standards and relies on a remote, periodically updated vulnerability database to maintain current detection logic without requiring binary updates. By employing static analysis pattern matching, it maps disparate scan results into a unified output schema for consistent reporting.

  Beyond its core scanning capabilities, the project supports cloud infrastructure auditing and deep inspection of local and remote environments. It is distributed as a single cross-platform executable, and comprehensive configuration and usage details are available in the project's official user guide.
- [carvesystems/vulnerable-graphql-api](https://awesome-repositories.com/repository/carvesystems-vulnerable-graphql-api.md) (62 ⭐) — A very vulnerable implementation of a GraphQL API.
- [securego/gosec](https://awesome-repositories.com/repository/securego-gosec.md) (8,866 ⭐) — gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks.

  The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues.

  Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptographic implementations, and insecure network or filesystem configurations. The engine also provides mechanisms for vulnerability management, including the ability to define custom security rules, enforce import blocklists, and suppress false positives using inline code annotations.

  Analysis results can be exported in multiple machine-readable formats to integrate with reporting tools and security workflows.
- [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components, including authentication, databases, storage, and serverless functions, into a single, centralized interface to simplify application development and resource management.

  The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party services, databases, and external APIs through standardized interfaces. Developers can manage and automate the configuration of these backend resources using infrastructure-as-code tools, while granular role-based access control enforces security policies across all platform resources and API endpoints.

  Beyond its core services, the platform offers a broad capability surface that includes cross-platform data synchronization, event-driven webhooks, and comprehensive billing and usage monitoring. It supports extensive integrations for AI utilities, payment processing, messaging, and logging, allowing developers to extend application functionality through modular, event-driven workflows.

  The platform is designed for both managed and self-hosted deployments, providing tools for production environment optimization, data migration, and custom domain configuration.
- [thekingofduck/fuzzdicts](https://awesome-repositories.com/repository/thekingofduck-fuzzdicts.md) (8,355 ⭐) — fuzzDicts is a repository of curated wordlists and dictionaries designed for web application fuzzing. It provides collections of strings and payloads used to discover hidden files, subdomains, and security vulnerabilities.

  The project includes specialized libraries for different security testing vectors, such as dictionaries for common request and cookie parameters, lists of common subdomain prefixes, and collections of passwords and default vendor credentials for brute-force testing. It also maintains a security payload library containing character sequences used to identify flaws like SQL injection and cross-site scripting.

  The available datasets cover several capability areas, including hidden asset discovery, subdomain enumeration, and security vulnerability scanning.
- [shieldfy/api-security-checklist](https://awesome-repositories.com/repository/shieldfy-api-security-checklist.md) (23,258 ⭐) — This project is a comprehensive API security audit checklist and vulnerability audit framework. It provides a structured guide of security countermeasures for designing, testing, and deploying secure APIs across various protocols.

  The framework includes specialized guides for securing OAuth 2.0 authorization flows, implementing zero trust networking for service-to-service communication, and protecting GraphQL endpoints from resource exhaustion and information leakage. It also provides standards for integrating static analysis, dynamic scanning, and secret detection into CI/CD delivery pipelines.

  The checklist covers a broad range of security capabilities, including authentication and identity verification, network access control, and API abuse prevention. It addresses traffic monitoring, secret management, request input validation, and the sanitization of API outputs.
- [howtographql/howtographql](https://awesome-repositories.com/repository/howtographql-howtographql.md) (8,708 ⭐) — This project is a comprehensive educational resource and fullstack tutorial for GraphQL development. It provides instructional content and guides focused on designing schemas, implementing servers, and managing the end-to-end workflow of building production-ready applications.

  The material covers the conceptual differences between graph-based data structures and traditional API architectures. It includes a dedicated security course and guides for client integration, teaching users how to fetch data, manage application state, and apply protection measures to secure API endpoints.

  The scope of the content extends to server-side implementation, including the use of mutations, real-time subscriptions, and database integration. It also addresses the broader ecosystem of development tooling and advanced implementation patterns for both the backend and frontend.
- [danielmiessler/seclists](https://awesome-repositories.com/repository/danielmiessler-seclists.md) (71,596 ⭐) — SecLists is a centralized library of security assessment data designed to support vulnerability discovery and penetration testing. It functions as a comprehensive repository of wordlists, payloads, and testing methodologies used to audit software, firmware, and internet-connected hardware for technical vulnerabilities.

  The project distinguishes itself through a standardized taxonomy and a language-agnostic data format, which allows security tools to predictably ingest and utilize its assets regardless of the underlying programming environment. By decoupling raw testing data from execution logic, the repository ensures that its collections of usernames, passwords, and injection patterns remain portable and compatible with a wide range of custom auditing frameworks and automated security tools.

  The collection covers a broad spectrum of security testing domains, including brute-force credential testing, web application fuzzing, and automated vulnerability scanning. It also provides structured guidance for firmware analysis and internet-connected device hardening, enabling researchers to apply consistent methodologies when identifying insecure configurations or potential system flaws.

  The repository is organized as a collection of flat-file assets within a hierarchical directory structure, facilitating integration into automated security workflows.
- [apis-guru/graphql-faker](https://awesome-repositories.com/repository/apis-guru-graphql-faker.md) (2,713 ⭐) — 🎲 Mock or extend your GraphQL API with faked data. No coding required.
- [reactfinland/graphql-api](https://awesome-repositories.com/repository/reactfinland-graphql-api.md) (0 ⭐) — This repository serves conference data over GraphQL and exposes a small set of supporting routes:
- [fuzzdb-project/fuzzdb](https://awesome-repositories.com/repository/fuzzdb-project-fuzzdb.md) (8,819 ⭐) — fuzzdb is a collection of datasets designed for web application penetration testing and dynamic fuzzing. It provides a fuzzing payload dictionary, a resource discovery wordlist, and a fault injection dataset containing corrupted Unicode, null bytes, and escape codes to trigger application crashes and logic errors.

  The project includes a security filter bypass list featuring polyglots and encoded strings to evade web application firewalls and input validation filters. It also provides a comprehensive web application penetration testing dataset specifically for identifying flaws such as cross-site scripting, path traversal, and other common security vulnerabilities.

  The library covers a broad range of capabilities, including server configuration auditing, sensitive data discovery, and security filter evasion. It provides patterns to identify predictable resources, writable directories, and source disclosure vulnerabilities, as well as payloads for injecting OS commands, XPath, and remote file includes.
- [gofr-dev/gofr](https://awesome-repositories.com/repository/gofr-dev-gofr.md) (21,321 ⭐) — Gofr is a comprehensive framework for building production-ready microservices in Go. It provides a unified toolkit for developing RESTful APIs and gRPC services, offering built-in support for observability, database management, and distributed system communication.

  The framework distinguishes itself through its focus on developer productivity and system resilience. It automates common backend tasks such as CRUD handler generation, schema-driven code creation, and database migration orchestration, while preventing race conditions in clustered environments. To maintain stability, it includes integrated resilience patterns like circuit breakers, request throttling, and automatic retry logic for network calls.

  Beyond core service development, the project covers a broad range of infrastructure needs including asynchronous messaging, background task scheduling, and cloud storage connectivity. It simplifies local development by providing orchestration tools to manage containerized dependencies and environment-specific configurations.

  The framework is designed for observability, featuring built-in support for distributed trace propagation, health monitoring, and performance metrics export. It includes standardized middleware for enforcing security policies and managing request pipelines across both HTTP and gRPC endpoints.
- [sqlmapproject/sqlmap](https://awesome-repositories.com/repository/sqlmapproject-sqlmap.md) (37,676 ⭐) — This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points.

  What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuristic fingerprinting, which adjusts injection techniques in real-time based on server responses. It supports advanced post-exploitation capabilities, including remote command execution on the underlying host operating system and file system access through database-level vulnerabilities. To navigate restricted environments, the software incorporates out-of-band data exfiltration channels and a middleware pipeline for applying user-defined transformations to bypass security filters and web application firewalls.

  The suite covers a broad range of operational requirements, including stateful session management, anti-CSRF token handling, and extensive request customization. It supports various target specification methods, such as proxy log analysis and remote API management, while offering granular control over scan performance and detection thresholds.

  The software is distributed as a command-line application, with configuration management supported through external file loading and command-line arguments.
- [konstantinmuenster/graphql-weather-api](https://awesome-repositories.com/repository/konstantinmuenster-graphql-weather-api.md) (0 ⭐) — Retrieve the current weather for any given city. Since this GraphQL API uses the free-tier of the Open Weather Map API, it is restricted to 60 calls/minute.
- [donnemartin/system-design-primer](https://awesome-repositories.com/repository/donnemartin-system-design-primer.md) (353,387 ⭐) — This project is a comprehensive educational resource and study guide focused on distributed systems architecture and backend infrastructure design. It provides a structured curriculum for mastering the principles of scalability, reliability, and performance required to design complex software systems.

  The repository distinguishes itself by offering a methodical approach to technical interview preparation, incorporating design patterns, architectural trade-offs, and spaced repetition tools to help users retain complex concepts. It emphasizes constraint-driven analysis, teaching users how to evaluate competing requirements like latency, consistency, and availability when drafting architectural designs.

  The content covers a broad spectrum of system design capabilities, including strategies for database scaling, traffic management, and infrastructure optimization. It details techniques for horizontal scaling, multi-layered caching, asynchronous communication, and service discovery, while also providing frameworks for performing resource estimations and capacity planning.

  The documentation is organized as a study guide, offering a systematic path through the fundamentals of backend engineering and large-scale system design.
- [tencent/ai-infra-guard](https://awesome-repositories.com/repository/tencent-ai-infra-guard.md) (2,971 ⭐) — AI-Infra-Guard is a security scanning platform designed to detect vulnerabilities across large language model deployments, AI agent skills, and the underlying infrastructure. It functions as a security toolset for auditing source code, evaluating model robustness, and identifying insecure network configurations.

  The project provides a red teaming framework that uses curated attack datasets to test for jailbreak vulnerabilities and prompt injections. It also includes an infrastructure auditor that employs network fingerprinting and asset discovery to match running components against known common vulnerabilities and exposures databases.

  The system covers a broad range of security assessment capabilities, including agent workflow auditing, remote source code scanning, and automated security pipelines. These processes are accessible via programmatic interfaces for triggering audits and system integrity checks.
- [stephenjude/api-test-helper](https://awesome-repositories.com/repository/stephenjude-api-test-helper.md) (0 ⭐) — This is a collection of helper methods for testing and debugging API endpoints.
- [boazdejong/serverless-graphql-api](https://awesome-repositories.com/repository/boazdejong-serverless-graphql-api.md) (0 ⭐) — GraphQL Lambda Server using graphql-server-lambda from Apollo.
- [azure/pyrit](https://awesome-repositories.com/repository/azure-pyrit.md) (3,444 ⭐) — PyRIT is an AI vulnerability assessment tool and security scanner designed to detect risks in large language model applications. It functions as a generative AI red teaming framework used to simulate adversarial attacks and identify weaknesses in system guardrails.

  The tool automates AI risk assessment by scanning generative AI components for security vulnerabilities. It utilizes automated testing and analysis to identify security gaps and prevent potential exploits through a consistent, repeatable process.

  The system incorporates asynchronous model orchestration to compare security postures across multiple models and uses heuristic-based risk scoring to quantify attack success. It supports prompt-based adversarial generation, template-based payload injection, and stateful interaction loops for multi-turn simulations. A plugin-driven test suite allows for the integration of modular security checkers to target specific AI vulnerabilities.
- [github/docs](https://awesome-repositories.com/repository/github-docs.md) (18,951 ⭐) — GitHub Copilot is an AI-powered development platform designed to integrate large language models directly into coding environments. It functions as an interactive assistant and an agentic workflow orchestrator, enabling developers to automate code generation, perform automated code reviews, and execute complex, multi-step development tasks through natural language prompts.

  The platform distinguishes itself through its autonomous agent capabilities, which allow for repository-level research, implementation planning, and code modifications across multiple files. It supports a modular architecture where users can define custom agent personas, integrate external data sources via standardized protocols, and manage specialized skills. This extensibility is complemented by a robust orchestration engine that handles model routing, persistent conversation compression, and sandboxed execution to ensure secure and efficient task completion.

  Beyond core coding assistance, the system provides comprehensive infrastructure for enterprise governance and resource management. It includes features for usage-based billing, token-based metering, and granular security controls such as content filtering, data residency enforcement, and role-based access management. The platform also offers deep integration with command-line tools and CI/CD pipelines, allowing for programmatic automation of repository workflows and terminal-based debugging.

  The system is accessible through IDE plugins and command-line interfaces, with centralized dashboards for monitoring performance, auditing activity, and managing subscription settings.
- [wp-graphql/wp-graphql](https://awesome-repositories.com/repository/wp-graphql-wp-graphql.md) (3,780 ⭐) — :rocket: GraphQL API for WordPress
- [elder-plinius/l1b3rt4s](https://awesome-repositories.com/repository/elder-plinius-l1b3rt4s.md) (20,033 ⭐) — L1B3RT4S is an adversarial machine learning toolkit designed for red teaming and evaluating the robustness of large language models. It provides a research framework for investigating how safety alignment mechanisms and content moderation systems respond to sophisticated input strategies.

  The project focuses on identifying vulnerabilities in model guardrails by employing techniques such as adversarial narrative framing, dynamic context injection, and latent space steering. It utilizes multi-agent prompt decomposition and recursive text transformation to analyze how structural changes to input queries influence the output restrictions of language models.

  This utility supports systematic research into adversarial prompt engineering and the effectiveness of safety filters. It allows users to probe model behavior through payload fragmentation and various linguistic cues, facilitating the study of how alignment mechanisms interpret and respond to complex, non-standard instructions.
- [hasura/graphql-engine](https://awesome-repositories.com/repository/hasura-graphql-engine.md) (32,064 ⭐) — graphql-engine is an automated GraphQL API engine that transforms database tables and relationships into a queryable GraphQL schema. It functions as a federation gateway and mapper, instantly generating APIs with built-in filtering, pagination, and mutations from existing databases and remote schemas.

The project distinguishes itself through a fine-grained access control layer that enforces row-level and field-level permissions. It further provides a real-time data subscription server that converts standard queries into live streams and a system for triggering event-driven webhooks and notifications in response to database changes.

The platform covers a broad range of capabilities including remote schema federation for merging disparate data sources, a REST API gateway for exposing saved queries, and support for spatial and hierarchical data querying. It also includes tools for schema migration management and a visual administrative interface for database configuration.

The system can be deployed via containerized orchestration using Docker Compose or Kubernetes.
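The row-level and field-level permission layer above is only as safe as the rules it is given: a select permission whose `filter` is `{}` exposes every row to that role, and a column list that includes credential material leaks it through the generated API. The following added example (not code from hasura/graphql-engine) audits exported Hasura metadata for exactly those mistakes. It assumes the v2 metadata layout (`tables` → `select_permissions` → `role` / `permission`), that `columns: "*"` is the wildcard the permissions API accepts, and that the unauthenticated role is named `anonymous` or `public`; the metadata itself is constructed.

```python
"""Audit exported Hasura select permissions for over-broad access.

Added example, not part of hasura/graphql-engine. Assumes the v2 metadata
shape and constructed metadata in place of a real `hasura metadata export`.
"""

# Constructed metadata for two tables; comments mark the weak and the hardened rule.
SAMPLE_METADATA = {"tables": [
    {"table": {"schema": "public", "name": "orders"},
     "select_permissions": [
         # weak: no row filter, wildcard columns, no limit
         {"role": "user", "permission": {"columns": "*", "filter": {}}},
         # hardened: rows scoped to the session user id, explicit columns, capped result size
         {"role": "customer", "permission": {
             "columns": ["id", "total", "created_at"],
             "filter": {"user_id": {"_eq": "X-Hasura-User-Id"}},
             "limit": 100}},
     ]},
    {"table": {"schema": "public", "name": "users"},
     "select_permissions": [
         # weak: the unauthenticated role can read every row, including credential hashes
         {"role": "anonymous", "permission": {
             "columns": ["id", "email", "password_hash"], "filter": {}}},
     ]},
]}

SENSITIVE_COLUMN_HINTS = ("password", "secret", "token", "ssn", "hash")
UNAUTHENTICATED_ROLES = {"anonymous", "public"}   # assumption: match your unauthorized_role setting


def filter_is_scoped(filt):
    """True when the boolean expression references a session variable anywhere inside it."""
    if isinstance(filt, dict):
        return any(filter_is_scoped(v) for v in filt.values())
    if isinstance(filt, list):
        return any(filter_is_scoped(v) for v in filt)
    return isinstance(filt, str) and filt.upper().startswith("X-HASURA-")


def audit_select_permissions(metadata):
    """Return one finding dict per weak rule: table, role, issue, severity."""
    findings = []

    def add(table, role, issue, severity):
        findings.append({"table": table, "role": role, "issue": issue, "severity": severity})

    for entry in metadata.get("tables", []):
        t = entry["table"]
        table = f'{t["schema"]}.{t["name"]}'
        for perm in entry.get("select_permissions", []):
            role, p = perm["role"], perm["permission"]
            cols, filt = p.get("columns", []), p.get("filter", {})
            sev = "high" if role in UNAUTHENTICATED_ROLES else "medium"
            if filt == {}:
                add(table, role, "empty filter: every row is readable", sev)
            elif not filter_is_scoped(filt):
                add(table, role, "filter uses no session variable: not scoped per user", sev)
            if cols == "*":
                add(table, role, "wildcard columns: new columns are exposed automatically", "medium")
            else:
                for c in cols:
                    if any(h in c.lower() for h in SENSITIVE_COLUMN_HINTS):
                        add(table, role, f"sensitive column exposed: {c}", sev)
            if "limit" not in p:
                add(table, role, "no row limit: unbounded result size", "low")
    return findings


if __name__ == "__main__":
    for f in audit_select_permissions(SAMPLE_METADATA):
        print(f'[{f["severity"]}] {f["table"]} role={f["role"]}: {f["issue"]}')
```

Run it against the `tables` section of a real metadata export (load the YAML or JSON into a dict first). The "no session variable" check is a prompt for review rather than a verdict: a filter such as `status = published` is legitimate for genuinely public data, but it deserves a second look whenever the table also holds per-user rows.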
- [dbt-labs/dbt-core](https://awesome-repositories.com/repository/dbt-labs-dbt-core.md) (13,051 ⭐) — dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history.

The project distinguishes itself through an adapter-based database abstraction that translates generic transformation commands into dialect-specific SQL for various data warehouses. It utilizes a template engine to dynamically generate and inject SQL logic at runtime, allowing for highly flexible and reusable transformation scripts. Furthermore, it supports an incremental materialization strategy that optimizes performance by processing only new or changed records, merging them into existing tables using unique keys to reduce compute costs.

The framework covers the entire lifecycle of data transformation, including development, testing, deployment, and monitoring. It provides comprehensive capabilities for managing data lineage, enforcing code quality through automated linting and testing, and orchestrating complex pipelines across distributed environments. Users can also leverage a centralized semantic layer to define and govern business metrics, ensuring consistent data reporting across diverse analytical tools.

The project is distributed as a Python-based tool, providing a unified interface for local development that integrates with version control systems and cloud-based configuration management.
- [dolevf/graphql-cop](https://awesome-repositories.com/repository/dolevf-graphql-cop.md) (652 ⭐) — Security Auditor Utility for GraphQL APIs. A Python command-line tool that probes a target endpoint for common misconfigurations: introspection left enabled, queries accepted over GET, alias and directive overloading, batched (array) queries, field duplication, and exposed GraphiQL or Playground consoles.
- [crowdsecurity/crowdsec](https://awesome-repositories.com/repository/crowdsecurity-crowdsec.md) (12,574 ⭐) — CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions.

What distinguishes the project is its decoupled enforcement model, which offloads active blocking to lightweight external components known as bouncers. These bouncers query the central API to synchronize threat intelligence and apply real-time remediation across distributed environments. The system also features a hub-based configuration management framework, allowing users to download and deploy community-curated security scenarios, parsers, and collections to ensure consistent protection against evolving threats.

The platform provides a comprehensive suite of tools for security operations, including automated log parsing pipelines, event-driven plugin systems for notification workflows, and extensive command-line utilities for infrastructure management. It supports flexible deployment patterns across standalone, containerized, and cloud-native environments, enabling centralized orchestration of security agents and fleet-wide monitoring of threat activity.

The project includes a robust documentation and command-line interface that facilitates the lifecycle management of security components, from initial service discovery and configuration to the validation of detection logic and the auditing of active security policies.
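The bucket-based threshold model described above is a leaky bucket: each matching log event pours one token into a bucket keyed by the source, the bucket drains at a fixed rate, and an overflow produces an alert that a bouncer can turn into a block. The following added example (not CrowdSec code) runs that logic over constructed access-log lines for a GraphQL endpoint, using an assumed scenario of "more than five 401s from one IP, draining one every ten seconds".

```python
"""Leaky-bucket threshold detection over log lines, in the CrowdSec style.

Added example, not CrowdSec's own code. Log lines and the scenario
parameters (capacity 5, one token leaked every 10 s, keyed by source IP)
are constructed assumptions.
"""
import re
from collections import defaultdict

# Constructed access-log lines: epoch_seconds src_ip method path status
SAMPLE_LOG = """\
1700000000 10.0.0.5 POST /graphql 401
1700000001 10.0.0.5 POST /graphql 401
1700000002 10.0.0.5 POST /graphql 401
1700000003 10.0.0.5 POST /graphql 401
1700000004 10.0.0.5 POST /graphql 401
1700000005 10.0.0.5 POST /graphql 401
1700000006 10.0.0.5 POST /graphql 401
1700000010 192.168.1.9 POST /graphql 401
1700000050 192.168.1.9 POST /graphql 401
1700000090 192.168.1.9 POST /graphql 401
1700000130 192.168.1.9 POST /graphql 200
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\d{3})$")


class LeakyBucket:
    """One token per matching event; tokens drain at one per leak_period seconds."""

    def __init__(self, capacity, leak_period):
        self.capacity = capacity
        self.leak_period = leak_period
        self.level = 0.0
        self.last_ts = None

    def pour(self, ts):
        """Add an event at time ts; return True on overflow (and reset the bucket)."""
        if self.last_ts is not None:
            self.level = max(0.0, self.level - (ts - self.last_ts) / self.leak_period)
        self.last_ts = ts
        self.level += 1
        if self.level > self.capacity:
            self.level = 0.0
            return True
        return False


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, method, path, status = m.groups()
    return int(ts), ip, method, path, int(status)


def detect_graphql_auth_bruteforce(log_text, capacity=5, leak_period=10):
    """Scenario: repeated 401s on /graphql from one source. Returns alert dicts."""
    buckets = defaultdict(lambda: LeakyBucket(capacity, leak_period))
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        ts, ip, _method, path, status = event
        if path != "/graphql" or status != 401:
            continue                       # scenario filter: only auth failures count
        if buckets[ip].pour(ts):
            # the alert is what a bouncer would later fetch as a remediation decision
            alerts.append({"ip": ip, "ts": ts, "decision": f"ban {ip}",
                           "reason": f"> {capacity} GraphQL 401s within leak window"})
    return alerts


if __name__ == "__main__":
    for a in detect_graphql_auth_bruteforce(SAMPLE_LOG):
        print(a)
```

Note what the drain rate buys: the second source sends the same kind of failures but forty seconds apart, so its bucket never fills and it is not flagged, while the first source trips the threshold on its sixth failure within six seconds. Tuning those two numbers is the whole art of a scenario.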
- [cachethq/cachet](https://awesome-repositories.com/repository/cachethq-cachet.md) (14,932 ⭐) — Cachet is a self-hosted, open-source status page system designed to communicate service uptime, incident history, and infrastructure performance to end users. It provides a centralized dashboard for managing the operational lifecycle of system components, tracking service disruptions, and scheduling maintenance windows.

The platform distinguishes itself through a comprehensive RESTful API that enables programmatic status page management and automated incident reporting. It supports deep integration with external monitoring tools, allowing for the synchronization of performance metrics and the automated triggering of status updates. Administrators can standardize communication using reusable incident templates and maintain system integrity through event-driven webhook notifications that include payload signing for authenticity.

Beyond core reporting, the system offers extensive customization options for the public-facing interface, including branding, layout adjustments, and custom asset injection. It manages administrative access through team-based permissions and protects service availability using request throttling and token-based authentication. The platform also includes built-in telemetry for usage reporting and tools for visualizing quantitative performance data over time.

The software is built using a model-view-controller pattern and relies on a relational database for state persistence. It is distributed as a web-based application that can be installed and configured to match specific organizational branding requirements.
- [api-security/apikit](https://awesome-repositories.com/repository/api-security-apikit.md) (2,270 ⭐) — APIKit: Discovery, Scan and Audit APIs Toolkit All In One.
- [voorivex/pentest-guide](https://awesome-repositories.com/repository/voorivex-pentest-guide.md) (2,761 ⭐) — This project is a comprehensive web application penetration testing guide and vulnerability research framework. It provides a structured methodology for identifying and exploiting security flaws through a phased approach involving reconnaissance, analysis, and exploitation.

The resource is distinguished by its use of a curated methodology framework that links theoretical vulnerability patterns to real-world bug bounty reports and historical exploit examples. It includes a payload-based testing library and a reference system that maps specific vulnerability categories to recommended third-party security tools.

The guide covers a broad spectrum of security analysis, including attack surface mapping, authentication and session auditing, and infrastructure configuration reviews. It provides detailed procedures for identifying common vulnerabilities such as injection flaws, broken access control, business logic gaps, and token-based security issues.

The project is organized as a collection of manuals and checklists, including a web security audit checklist and a dedicated API security testing manual.
- [hayes/pothos](https://awesome-repositories.com/repository/hayes-pothos.md) (2,576 ⭐) — Pothos is a code-first GraphQL schema builder and framework designed for type-safe development. It allows developers to construct schemas using typed definitions in TypeScript, eliminating the need for external code generation steps.

The framework distinguishes itself through a dedicated data mapper that connects GraphQL types to relational databases and ORMs, such as Prisma, while optimizing query resolution. It provides a full implementation of the Relay specification, including global object identification and cursor-based pagination.

The project covers several core capability areas, including a granular authorization framework for field-level access control and a performance optimization suite that utilizes request batching and data-fetching plans to prevent N+1 query issues. It also includes structured error handling via union types, query complexity limiting, and tools for transforming static queries into live subscriptions.

The project provides utilities for schema-to-code conversion to facilitate migration and includes built-in support for resolver execution tracing and field mocking.
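Query complexity limiting, mentioned above for Pothos, is the server-side counterpart of the alias-overloading, batching and deep-nesting probes a GraphQL scanner sends: a request is rejected before execution if it nests too deeply, carries too many aliases, or batches too many operations. The following added example (not Pothos code, which is TypeScript; this is a standalone Python gate) scans the raw query text without a full parser, tracking only braces, parentheses and string literals. The limits and the sample requests are assumptions.

```python
"""Pre-execution gate for GraphQL requests: depth, alias count, batch size.

Added example, not Pothos's own complexity plugin. A colon outside
parentheses is an alias separator; braces inside argument lists (object
literals) or string literals do not count toward selection depth.
"""
import json


def analyse_query(query):
    """Return {'depth': max selection-set nesting, 'aliases': alias count}."""
    depth = max_depth = paren = aliases = 0
    in_string = False
    i, n = 0, len(query)
    while i < n:
        c = query[i]
        if in_string:
            if c == "\\":
                i += 2                      # skip escaped character
                continue
            if c == '"':
                in_string = False
        elif c == '"':
            in_string = True
        elif c == "#":                      # comment runs to end of line
            while i < n and query[i] != "\n":
                i += 1
            continue
        elif c == "(":
            paren += 1
        elif c == ")":
            paren -= 1
        elif paren == 0:
            if c == "{":
                depth += 1
                max_depth = max(max_depth, depth)
            elif c == "}":
                depth -= 1
            elif c == ":":
                aliases += 1                # alias: field, outside any argument list
        i += 1
    return {"depth": max_depth, "aliases": aliases}


def check_request(raw_body, max_depth=8, max_aliases=15, max_batch=5):
    """Parse a JSON request body (single operation or batch array) and list violations."""
    body = json.loads(raw_body)
    ops = body if isinstance(body, list) else [body]
    findings = []
    if len(ops) > max_batch:
        findings.append(f"batch of {len(ops)} operations exceeds {max_batch}")
    for idx, op in enumerate(ops):
        query = op.get("query", "") if isinstance(op, dict) else ""
        stats = analyse_query(query)
        if stats["depth"] > max_depth:
            findings.append(f"operation {idx}: depth {stats['depth']} exceeds {max_depth}")
        if stats["aliases"] > max_aliases:
            findings.append(f"operation {idx}: {stats['aliases']} aliases exceed {max_aliases}")
    return findings


# Constructed request bodies: one benign, three shaped like scanner probes.
NORMAL_REQUEST = json.dumps(
    {"query": "query ($id: ID!) { user(id: $id) { name posts(first: 10) { title } } }"})
ALIAS_FLOOD_REQUEST = json.dumps({"query": "{ " + " ".join(
    f'a{i}: login(user: "admin", password: "p{i}") {{ token }}' for i in range(20)) + " }"})
DEEP_REQUEST = json.dumps({"query": "{ x " * 10 + "{ name }" + " }" * 10})
BATCH_REQUEST = json.dumps([json.loads(NORMAL_REQUEST)] * 6)

if __name__ == "__main__":
    for name, body in [("normal", NORMAL_REQUEST), ("alias flood", ALIAS_FLOOD_REQUEST),
                       ("deep", DEEP_REQUEST), ("batch", BATCH_REQUEST)]:
        print(name, check_request(body) or "ok")
```

Alias flooding matters because twenty aliased `login` calls in one operation run twenty credential checks behind a single HTTP request, which sidesteps rate limits keyed on request count; depth and batch limits close the matching resource-exhaustion routes. A real deployment would also weight fields by cost, which is what Pothos's complexity plugin does beyond this structural gate.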
- [api-security/apisandbox](https://awesome-repositories.com/repository/api-security-apisandbox.md) (422 ⭐) — Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.
- [analysis-tools-dev/static-analysis](https://awesome-repositories.com/repository/analysis-tools-dev-static-analysis.md) (14,389 ⭐) — This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements.

The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, managing technical debt, and auditing software supply chain security.

The collection covers a broad spectrum of analysis capabilities, ranging from automated code refactoring and structural transformation to formal verification and database schema analysis. It also includes resources for orchestrating multiple linters within development workflows, visualizing code metrics, and performing security compliance audits across diverse repositories.
- [fastapi/fastapi](https://awesome-repositories.com/repository/fastapi-fastapi.md) (99,260 ⭐) — FastAPI is a web framework for building APIs with Python. It leverages standard language type hints to provide automatic data validation, request parsing, and interactive API documentation generation. The framework supports asynchronous request handling and manages execution contexts to prevent blocking the main event loop.

The project includes a dependency injection system that allows for the resolution and injection of reusable components into request handlers. This system supports request-scoped caching, lifecycle management, and integration with security mechanisms like OAuth2 and JSON Web Tokens. Developers can organize applications into modular routers and mount sub-applications to manage complex routing logic.

Infrastructure features include middleware support for cross-origin resource sharing, background task management, and static file serving. The framework automatically generates OpenAPI specifications for defined endpoints, which can be customized through metadata and schema extensions. Testing utilities are provided to simulate HTTP and WebSocket connections, allowing for isolated verification of application behavior.
- [graphql/graphql-playground](https://awesome-repositories.com/repository/graphql-graphql-playground.md) (8,839 ⭐) — GraphQL Playground is an interactive development environment and API client used for writing, testing, and debugging GraphQL queries, mutations, and subscriptions. It functions as a visual tool for executing requests against a GraphQL server and inspecting the resulting JSON responses.

The project includes a documentation browser for exploring schemas and an editor with autocompletion and error highlighting. It provides specialized capabilities for analyzing API performance through tracing visualization and supports real-time data updates via subscription streaming.

The environment allows for switching between multiple API endpoints and project configurations. Users can share specific request states and headers through URL-encoded workspace snapshots to facilitate collaborative API testing.

The interface can be embedded directly into a web server using middleware integration.
- [apis-guru/graphql-voyager](https://awesome-repositories.com/repository/apis-guru-graphql-voyager.md) (8,144 ⭐) — GraphQL Voyager is a schema visualizer and data model explorer that provides an interactive graph representation of a GraphQL API. It serves as a documentation tool for inspecting types and fields by transforming schema introspection data into a visual interface.

The tool maps the relationships between different types and fields, allowing for the analysis of complex data models and their connections. Users can filter the visual representation to remove deprecated fields or wrapper classes and use a dedicated information panel to examine technical specifications for specific data types.
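Voyager's starting point, the introspection result turned into a graph of types and fields with wrapper types stripped away, is also the first thing a GraphQL security scanner wants: if introspection answers at all on a production endpoint, the whole schema is public, and the graph shows which types are reachable and which fields look like they should never have been exposed. The following added example (not code from graphql-voyager or graphql-cop) builds that graph from a constructed introspection response and reports the findings a reviewer would look for. The field-name hint lists are assumptions to tune per target.

```python
"""Turn a GraphQL introspection response into a type graph and flag review items.

Added example, not graphql-voyager or graphql-cop code. The introspection
payload is constructed; the name-hint lists are assumptions.
"""

# The request a scanner sends first; nested ofType levels unwrap NON_NULL/LIST wrappers.
INTROSPECTION_QUERY = """{ __schema { queryType { name } mutationType { name } subscriptionType { name }
  types { kind name fields { name isDeprecated type { kind name ofType { kind name ofType { kind name
  ofType { kind name } } } } } } } }"""


def _ref(kind, name, of_type=None):
    return {"kind": kind, "name": name, "ofType": of_type}


def _field(name, type_ref, deprecated=False):
    return {"name": name, "type": type_ref, "isDeprecated": deprecated}


STRING, ID, FLOAT, BOOL = (_ref("SCALAR", n) for n in ("String", "ID", "Float", "Boolean"))

# Constructed data.__schema payload, shaped like a server's answer to the query above.
SAMPLE_INTROSPECTION = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"}, "subscriptionType": None,
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            _field("me", _ref("OBJECT", "User")),
            _field("users", _ref("NON_NULL", None, _ref("LIST", None, _ref("OBJECT", "User")))),
            _field("debugQuery", STRING, deprecated=True)]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            _field("login", STRING), _field("resetPassword", BOOL), _field("adminDeleteUser", BOOL)]},
        {"kind": "OBJECT", "name": "User", "fields": [
            _field("id", ID), _field("email", STRING), _field("passwordHash", STRING),
            _field("apiToken", STRING), _field("orders", _ref("LIST", None, _ref("OBJECT", "Order")))]},
        {"kind": "OBJECT", "name": "Order", "fields": [_field("id", ID), _field("total", FLOAT)]},
        {"kind": "OBJECT", "name": "InternalConfig", "fields": [_field("secretKey", STRING)]},
        {"kind": "SCALAR", "name": "String", "fields": None},
        {"kind": "OBJECT", "name": "__Schema", "fields": [_field("types", STRING)]},
    ]}}}

SENSITIVE_FIELD_HINTS = ("password", "token", "secret", "ssn", "hash")
MUTATION_HINTS = ("admin", "delete", "reset", "impersonate")


def unwrap(type_ref):
    """Strip NON_NULL and LIST wrappers to reach the named type, as Voyager does."""
    while type_ref.get("ofType"):
        type_ref = type_ref["ofType"]
    return type_ref["name"]


def object_types(schema):
    """Types that carry fields; the __ introspection meta types are skipped."""
    return {t["name"]: t for t in schema["types"]
            if t.get("fields") and not t["name"].startswith("__")}


def build_graph(schema):
    """Edges from each object type to the object types its fields return."""
    objs = object_types(schema)
    return {n: {unwrap(f["type"]) for f in t["fields"] if unwrap(f["type"]) in objs}
            for n, t in objs.items()}


def reachable(graph, root):
    seen, stack = set(), [root]
    while stack:
        node = stack.pop()
        if node in seen or node not in graph:
            continue
        seen.add(node)
        stack.extend(graph[node])
    return seen


def audit_schema(introspection):
    data = introspection.get("data") or {}
    if "__schema" not in data:              # what a server with introspection disabled returns
        return {"introspection_enabled": False}
    schema = data["__schema"]
    objs, graph = object_types(schema), build_graph(schema)
    roots = [r["name"] for r in (schema.get("queryType"), schema.get("mutationType"),
                                 schema.get("subscriptionType")) if r]
    mutation = (schema.get("mutationType") or {}).get("name")
    report = {"introspection_enabled": True, "sensitive_fields": [],
              "dangerous_mutations": [], "deprecated_fields": []}
    for tname, t in objs.items():
        for f in t["fields"]:
            label, low = f"{tname}.{f['name']}", f["name"].lower()
            if f.get("isDeprecated"):
                report["deprecated_fields"].append(label)   # deprecated fields still resolve
            if tname == mutation:
                if any(h in low for h in MUTATION_HINTS):
                    report["dangerous_mutations"].append(label)
            elif any(h in low for h in SENSITIVE_FIELD_HINTS):
                report["sensitive_fields"].append(label)
    live = set().union(*(reachable(graph, r) for r in roots))
    report["unreferenced_types"] = sorted(set(objs) - live)  # defined but not reachable from any root
    report["reachable_from_query"] = sorted(reachable(graph, roots[0])) if roots else []
    for key in ("sensitive_fields", "dangerous_mutations", "deprecated_fields"):
        report[key].sort()
    return report
```

Against a live target, POST `{"query": INTROSPECTION_QUERY}` to the endpoint and pass the decoded JSON to `audit_schema`; a missing `data.__schema` (often accompanied by an `errors` entry) means introspection is off, which is the expected production state. An unreferenced object type is worth a second look because it is frequently a leftover from an earlier schema or a type only reachable through a field that was removed from the graph but not from the resolvers.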
- [ent/ent](https://awesome-repositories.com/repository/ent-ent.md) (17,110 ⭐) — Ent is a statically typed entity framework for Go that models database structures as a graph of nodes and edges. It functions as a code generation engine that transforms schema definitions into type-safe database clients, query builders, and migration scripts. By representing data as interconnected entities, the framework enables intuitive traversal of complex relationships and ensures that database interactions remain consistent with the application model at compile time.

The framework distinguishes itself through its graph-based approach to data modeling and its reliance on compile-time code generation to enforce type safety. It automates the synchronization of database schemas with application models, providing tools to manage versioned migrations and validate structural integrity before changes are applied. Developers can customize the generation pipeline using templates to tailor the output to specific infrastructure requirements.

Beyond core modeling and generation, the project provides a comprehensive suite of tools for managing the data lifecycle. This includes automated API development for GraphQL, cursor-based pagination for large datasets, and built-in mechanisms for auditing data changes. The system also optimizes data retrieval by automating the loading of related entities, reducing the need for manual query management.
- [ariga/atlas](https://awesome-repositories.com/repository/ariga-atlas.md) (8,096 ⭐) — Atlas is a SQL database schema management tool and database infrastructure as code framework. It provides a declarative database migration engine that computes the difference between a desired schema state and the current database state to automatically generate the necessary SQL for transitions.

The project distinguishes itself through a comprehensive suite of analysis and visualization tools, including a database schema linter that detects destructive changes and data loss risks. It also features a SQL schema visualization tool capable of generating entity-relationship diagrams from extracted database structures.

The platform covers a broad surface of database operations, including versioned migration management, schema drift detection, and declarative seed data synchronization. It extends into security and governance by treating database access control, roles, and permissions as version-controlled code.

The tool integrates with CI/CD pipelines, GitOps workflows, and infrastructure orchestration tools to automate the linting, testing, and deployment of database changes.
