Repositories list

• kics

  Public
  Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

  securityiacinfrastructure-as-code+ 9cloudnativeappsecvulnerability-detectionhacktoberfestvulnerability-scannerssecurity-toolsopen-policy-agent+ 2

  Open Policy Agent

  •

  Apache License 2.0

  •310•2.1k•113•64•Updated Nov 16, 2024Nov 16, 2024

• ast-teamcity-plugin

  Public
  The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.

  securityteamcity-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •2•3•0•9•Updated Nov 15, 2024Nov 15, 2024

• ast-visual-studio-extension

  Public
  The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE

  securityvisual-studio-extensioncheckmarx+ 2visual-studio-2022checkmarx-ast

  C#

  •

  Apache License 2.0

  •6•2•3•6•Updated Nov 15, 2024Nov 15, 2024

• ast-cli

  Public
  A CLI project wrapping application security testing (AST) APIs

  astcheckmarxcheckmarx-ast+ 1cli

  Go

  •

  Apache License 2.0

  •26•41•5•13•Updated Nov 14, 2024Nov 14, 2024

• 2ms

  Public
  Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

  securitysecret-managementsecrets+ 3appsecsecret-keysapi-keys

  Go

  •

  Apache License 2.0

  •18•80•32•2•Updated Nov 14, 2024Nov 14, 2024

• ast-azure-plugin

  Public
  The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

  securitysecurity-toolsazure-devops-extension+ 2checkmarxcheckmarx-ast

  TypeScript

  •

  Apache License 2.0

  •3•4•3•14•Updated Nov 14, 2024Nov 14, 2024

• homebrew-ast-cli

  Public
  Ruby

  •0•2•0•0•Updated Nov 14, 2024Nov 14, 2024

• ast-cli-maven-plugin

  Public
  A Maven plugin for using the AST CLI in Maven lifecycle phases

  Java

  •

  Apache License 2.0

  •0•0•0•9•Updated Nov 11, 2024Nov 11, 2024

• ast-vscode-extension

  Public
  The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

  securityvscode-extensioncheckmarx+ 1checkmarx-ast

  Hack

  •

  Apache License 2.0

  •6•11•7•14•Updated Nov 11, 2024Nov 11, 2024

• ast-jetbrains-plugin

  Public
  The CxAST JetBrains plugin enables you to import results from a CxAST scan directly into your IDE.

  securityjetbrains-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •3•2•0•8•Updated Nov 11, 2024Nov 11, 2024

• gen-ai-prompts

  Public
  Remediate SAST results using AI

  Go

  •0•0•1•0•Updated Nov 7, 2024Nov 7, 2024

• ast-github-action

  Public
  Checkmarx application security testing (AST) GitHub action

  securitygithub-actionscheckmarx+ 1checkmarx-ast

  Shell

  •

  Apache License 2.0

  •23•16•12•4•Updated Nov 5, 2024Nov 5, 2024

• ast-eclipse-plugin

  Public
  The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

  securityeclipse-plugincheckmarx+ 1checkmarx-ast

  Java

  •

  Apache License 2.0

  •9•4•0•2•Updated Nov 5, 2024Nov 5, 2024

• gen-ai-wrapper

  Public
  Go

  •

  Apache License 2.0

  •0•0•1•6•Updated Oct 28, 2024Oct 28, 2024

• vorpal-reviewdog-github-action

  Public
  Run Vorpal with reviewdog 🐶

  Shell

  •

  Apache License 2.0

  •0•3•0•0•Updated Oct 10, 2024Oct 10, 2024

• kics-github-action

  Public
  GitHub actions of KICS scan - Keeping Infrastructure as Code Secure

  JavaScript

  •

  GNU General Public License v3.0

  •33•43•9•1•Updated Oct 3, 2024Oct 3, 2024

• kics-cdk-validator-plugin

  Public
  A KICS plugin for AWS CDK

  TypeScript

  •

  Apache License 2.0

  •3•6•1•4•Updated Oct 3, 2024Oct 3, 2024

• dast-github-action

  Public
  Shell

  •

  GNU General Public License v3.0

  •2•2•0•1•Updated Sep 23, 2024Sep 23, 2024

• sast-to-ast-export

  Public
  CLI tool to export data from CxSAST and import into Checkmarx Application Security Testing Platform

  securityapplicationast+ 1sast

  Go

  •

  Apache License 2.0

  •6•3•4•0•Updated Sep 20, 2024Sep 20, 2024

• terraform-aws-cxone

  Public
  HCL

  •5•0•1•2•Updated Aug 20, 2024Aug 20, 2024

• artifactory-security-plugin

  Public
  Java

  •

  Apache License 2.0

  •1•0•0•0•Updated Jul 16, 2024Jul 16, 2024

• ci-cd-integrations

  Public
  If you are using a CI/CD platform that doesn’t yet have a dedicated Checkmarx plugin, please check this repository.

  circlecimavenbitbucket+ 6ci-cdsonarbamboo-plugincheckmarxsecurtiycheckmarx-ast

  Groovy

  •

  Apache License 2.0

  •17•7•0•1•Updated Jul 3, 2024Jul 3, 2024

• Goatlin

  Public
  (aka Kotlin Goat) - an intentionally vulnerable Kotlin application

  Kotlin

  •

  GNU General Public License v3.0

  •125•33•0•7•Updated Apr 17, 2024Apr 17, 2024

• capital

  Public
  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

  ctfvulnerable-web-appapisecurity

  CSS

  •

  GNU Affero General Public License v3.0

  •67•274•4•13•Updated Apr 12, 2024Apr 12, 2024

• gitleaks

  Public
  Protect and discover secrets using Gitleaks 🔑

  Go

  •

  MIT License

  •1.5k•0•0•1•Updated Mar 31, 2024Mar 31, 2024

• overlay

  Public
  Overlay is a browser extension helping developers evaluate open source packages before picking them

  JavaScript

  •

  MIT License

  •17•1•0•0•Updated Feb 21, 2024Feb 21, 2024

• nexus-security-plugin

  Public
  Java

  •

  Apache License 2.0

  •1•2•0•0•Updated Jul 26, 2023Jul 26, 2023

• cuteboi

  Public
  This open-source project tracks CuteBoi's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

  Vue

  •5•28•0•0•Updated Jul 23, 2023Jul 23, 2023

• red-lili

  Public
  This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

  npmmalicious-packagessupply-chain-security+ 1red-lili

  Vue

  •4•11•0•0•Updated Jun 23, 2023Jun 23, 2023

• kics-github-action-demo

  Public
  A demo repo to show KICS Github Action in Action

  securitycloudiac+ 1kics

  Go

  •

  Apache License 2.0

  •4•0•0•1•Updated May 13, 2023May 13, 2023