lawrence44r Goto Github PK

policy-as-code

GitHub Advanced Security Policy as Code

privilege-escalation

This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

probot-security-alerts

Sample GitHub App which monitors and enforces rules for code scanning, Dependabot, and secret scanning alerts

purview-adb-lineage-solution-accelerator

A connector to ingest Azure Databricks lineage into Microsoft Purview

purview-machine-learning-lineage-solution-accelerator

Solution accelerator to help build Machine Learning Lineage

purview-samples

python-lint-code-scanning-action

Lint and type check Python with your choice of popular linters, and upload results to GitHub Code Scanning

remap-sarif

Remap a SARIF file with sourcemaps

reusable-workflows

Advanced Security Reusable GitHub Actions Workflows

running-with-scissors

Resources from my KubeCon + CloudNativeCon keynote

sample-codeql-pipeline-config

Integrate CodeQL into CI/CD pipelines, using the CodeQL CLI Bundle for Automated Code Scanning

sarif-toolkit

All things SARIF, as an Action

sarif-viewer

JetBrains IDE plugin for displaying SARIF from GHAS or from a local file

sbom-generator-action

secret-scanning-custom-patterns

Examples of Custom Secret Scanning Patterns

secret-scanning-notifications

A GitHub Action that sends email notifications to security manager team for any new or resolved secret scanning alerts based on a set frequency

secret-scanning-review-action

Action to detect if a secret is initially detected in a PR commit

secret-scanning-tools

Testing Suite for GitHub Secret Scanning Custom Patterns

sentinel-queries

Collection of KQL queries

set-codeql-language-matrix

Automatically set the CodeQL matrix job using the languages in your repository.

slack-secret-scanning-notifier-azure-function

Slack notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

soc-threat-hunting

Repo of python/bash scripts for identifying IoC's in threat feed and other online tools

spdx-dependency-submission-action

spotbugs-findsecbugs-action

Run SpotBugs with FindSecBugs on Java and other JVM languages (e.g. Scala), and upload the results to GitHub Code Scanning

static-analysis

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

survey-link

tag-sarif

[deprecated] Tag SARIF to allow filtering by that tag in GitHub Advanced Security Code Scanning

teams-secret-scanning-notifier-azure-function

Microsoft Teams notifier for Secret Scanning alerts from GitHub Advanced Security, using a GitHub App and Azure Function

trufflehog

Find and verify secrets

vulnerableapp

OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.