JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Updated
Dec 1, 2024 - JavaScript
Docker Scout GitHub Action
Runtime Security Solution for your CI/CD Pipeline
scans popular packages and alerts in cases where there is suspicion of an account takeover
Secure GitHub actions with 1 line of code
Damn Vulnerable SCA Application
Materials for the talk "How to automate dependency updates with the Renovate bot"
automated tool designed to scan package dependency files of repositories on GitHub for vulnerable packages
Check CVSS v3.1 and EPSS scores for a given CVE ID and whether it's in the CISA KEV catalog
Developed a system that keeps track of the product quality and other factors throughout the supply chain by using Blockchain technology
Lab repository demonstrates how to create provenance without using the npm CLI and publish a package to npmjs.com with an attached provenance file (not generated by the npm CLI)