privado
dastardly-github-action
| privado | dastardly-github-action | |
|---|---|---|
| 21 | 1 | |
| 472 | 214 | |
| 0.8% | 2.8% | |
| 9.1 | 3.5 | |
| 6 days ago | 8 months ago | |
| Dockerfile | Dockerfile | |
| GNU Lesser General Public License v3.0 only | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
privado
- Policy team rejects app update: "Invalid Data safety form"
-
How to fill up Data Safety section correctly?
Try this tool to help you get it right: https://github.com/Privado-Inc/privado
-
Issue found: Invalid Data safety form / I did as I was told but kept getting rejection emails?
Just use Privado. It will scan your code and automatically generate the data safety form results.
- App rejected: Issue found: Invalid Data safety form
-
Mastodon's Privacy: Who actually holds your data in Mastodon
I love that Mastodon is decentralized. But as a privacy engineer, I was curious about how their app handles our data compared to what they claim in their privacy policy, so I analyzed their open-source app code in my privacy code scanning tool.
-
Open Source privacy scanning tool to create data flows from code
u/SZenC great point, our scanning tool detects more than 120 data elements right out of the box. Right from Fitness Data, Health Data, Device Ids, Ratings & Reviews etc. You can see the entire list of data elements we discover here: https://github.com/Privado-Inc/privado/tree/main/rules/sources
Except for a few framework specific things (such as how route handlers are defined - eg. via annotations in Spring) our code analysis platform is framework agnostic. Our system works with major frameworks and we continually improve if we have to add extra support. I can foresee some minor work needed for Vert.x for example. Templating (eg. via JSP) is not supported, but we welcome all contributions!! Please raise an issue on the tracker: https://github.com/Privado-Inc/privado/issues
Tagging data elements as source: Here we are looking for variables with known PII patterns. We have over 150 data elements listed here as rules.
You can check out the tool at https://github.com/Privado-Inc/privado. Would love to hear about your feedback and contributions to the same.
dastardly-github-action
-
Dastardly a free DAST for web app CI/CD Pipelines
Github actions - https://github.com/PortSwigger/dastardly-github-action
What are some alternatives?
mastodon-android - Official Android app for Mastodon
lotus - :zap: Fast Web Security Scanner written in Rust based on Lua Scripts :waning_gibbous_moon: :crab:
Papercups - Open-source live customer chat
kubestriker - A Blazing fast Security Auditing tool for Kubernetes
humbug - Get usage metrics and crash reports for your API, library, or command line tool.
awesome-threat-modelling - A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Databunker - Secure SDK/vault for personal records/PII built to comply with GDPR
AutoSploit - Automated Mass Exploiter
enclaive-docker-mariadb-sgx - SGX-ready Enclaive Docker Image for MariaDB
iabtcf-es - Official compliant tool suite for implementing the Transparency and Consent Framework (TCF) v2.0. The essential toolkit for CMPs.
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/