ci
security-wg
ci | security-wg | |
---|---|---|
4 | 6 | |
19 | 482 | |
- | 1.0% | |
5.8 | 8.9 | |
4 days ago | 3 days ago | |
TypeScript | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ci
-
JS-X-Ray 6.0
i18n (for translation in CI or CLI).
-
📦 Everything you need to know: package managers
@nodesecure/ci, a tool allowing to run SAST, SCA and many more analysis in CI/CDs or in a local environment
- NodeSecure - What's new in 2022 ?
-
Make your JavaScript project safer by using this workflow
@nodesecure/ci brings together a set of tools to identify dependencies vulnerabilities and track most common malicious code and patterns using Static Code Analysis and Vulnerabilities Analysis
security-wg
-
Securizing your GitHub org
As I was working on an open source security project, I put pressure on myself to be ready. Also as a member of the Node.js Security WG I thought it was an interesting topic and that I was probably not the only one who was worried about not being up to the task 😖.
-
You should use the OpenSSF Scorecard
We began the discussion in this issue, and here you can find the meeting notes:
-
Dozens of malicious PyPI packages discovered targeting developers
Node.js is building something very similar: Permission Model https://github.com/nodejs/security-wg/issues/791
-
Announcing NodeSecure Vulnera
deprecated Node.js Security WG Database
- NodeSecure - What's new in 2022 ?
-
Make your JavaScript project safer by using this workflow
Node.js Security Working Group
What are some alternatives?
cli - JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.
cargo-vet - supply-chain security for Rust
ci-action - The official GitHub action of the @nodesecure/ci package
scorecard - OpenSSF Scorecard - Security health metrics for Open Source
js-x-ray - JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
W4SP-Stealer - w4sp Stealer official source code, one of the best python stealer on the web [GET https://api.github.com/repos/loTus04/W4SP-Stealer: 403 - Repository access blocked]
vulnera - Programmatically fetch security vulnerabilities with one or many strategies (NPM Audit, Sonatype, Snyk, Node.js DB).
secimport - eBPF Python runtime sandbox with seccomp (Blocks RCE).
rc - NodeSecure runtime configuration
scanner - ⚡️ A package API to run a static analysis of your module's dependencies. This is the CLI engine!
webappsec-subresource-integrity - WebAppSec Subresource Integrity
cli - Command line interface for the Phylum API