Lunasec Alternatives
Similar projects and alternatives to lunasec
- Apache Log4j 2: Apache Log4j is a versatile, feature-rich, efficient logging API and backend for Java.
- syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems.
- packj: Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain.
- dependency-track: Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
- log4shell-tools: Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046.
- ysoserial: A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
lunasec discussion
lunasec reviews and mentions
- Installing Arch Linux on a Laptop
Nitpicking a bit, but I prefer btrfs even if it's slower. Easier to work with.
What bootloader is this using? Or is it just straight EFI booting?
I helped write a guide a few years back that still is what I do using systemd-boot. https://github.com/lunasec-io/lunasec/blob/master/docs/blog/...
How is Wayland support these days? I love i3 but I know Sway promises to be close enough.
- Guys, I taught ChatGPT to browse the internet and it is bloody amazing.
- Ask HN: Those making $0/month or less on side projects – Show and tell
LunaTrace: https://lunatrace.lunasec.io/
Premise: Open Source[0] alternative to GitHub Dependabot and `npm audit` that focuses on helping you prioritize where to patch first (only 0.1% of CVEs are used in cyber attacks).
Short YouTube demo: https://www.youtube.com/watch?v=ugdSyR2L6sY
A newer video showing off the whole Static Analysis engine: https://www.youtube.com/watch?v=vPd4MSUJ98M
Price: $0 for Open Source repos. We're hoping to charge for private repos in the future, but we need to build out the billing features first lol. (We're at $0 in revenue currently.)
If you are filled with rage because of CVEs spamming you, come vent your frustrations on Discord: https://discord.gg/2EbHdAR5w7
We're looking for early customers that are interested in working with us. My email is on my profile. Cheers!
[0]: Source Code, https://github.com/lunasec-io/lunasec/
- Log4Shell Still Has Sting in the Tail
(Note: I'm the person that coined the term "Log4Shell")
You may be surprised when I tell you what the Apache Software Foundation's yearly budget is. You'd think for software that is used by practically every Fortune 500 company and most governments, it would be something reasonable. Maybe a few hundred million dollars a year to pay for a reasonable full-time staff, right?
It turns out... it's about $2 million a year. (Wikipedia[0])
This helps explain to me why the devs of Log4j directly uploaded the file "JNDIExploit.java" (the POC) to GitHub while they were patching. (Here is a full analysis and guide about how to prevent that[1].)
They're not security people. They're volunteers working on this in addition to their full-time job.
What kind of brave soul wants to trudge through and maintain log4j in their spare time for zero compensation? I appreciate the people that are capable of doing that, but I think they are rare!
This whole entire vulnerability was eye opening for everybody and I have actually spent the last year building tooling on GitHub to help fix the problems that Log4Shell exposed.
If you have 2 seconds to try that out or just Star the repo[2], it would be very helpful!
0: Log4j revenue https://en.wikipedia.org/wiki/The_Apache_Software_Foundation
1: "How to Discuss and Fix Vulnerabilities in Open Source" https://www.lunasec.io/docs/blog/how-to-mitigate-open-source...
2: GitHub project building better dependency patching tools https://github.com/lunasec-io/lunasec
- Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
If anybody is curious to replicate this type of analysis, we should connect, because I've been working on a project to build an engine for this type of analysis for about a year now. GitHub Repo
- Dozens of malicious PyPI packages discovered targeting developers
It is possible to set your registry in NPM via the "npmrc" file. That will let you hit the specified HTTP server whenever you run commands like "npm install".
I know this is also possible for Python because we did it at Uber. I don't remember the specific details anymore though.
In either case though, a lot of people have written proxies for this use case (I helped write one for NPM at Uber). Companies like Bytesafe and Artifactory also exist in this space.
We're working on something similar that's on GitHub here: https://github.com/lunasec-io/lunasec
Proxy support isn't built out yet but the data is all there already.
- Preventing the bait and switch by open core software companies
- Ignore 98% of dependency alerts: introducing Semgrep Supply Chain
Here is some code on GitHub that does call site checking using SemGrep: https://github.com/lunasec-io/lunasec/blob/master/lunatrace/...
(Note: I helped write that. We're building a similar service to the r2c one.)
You're right that patching is hard because of opaque package diffs. I've seen some tools coming out like Socket.dev which show a diff between versions. https://socket.dev/npm/package/react/versions
But, that said, this is still a hard problem to solve and it's happened before that malware[0][1] has been silently shipped because of how opaque packages are.
0: https://web.archive.org/web/20201221173112/https://github.co...
1: https://www.coindesk.com/markets/2018/11/27/fake-developer-s...
- Ask HN: How do you deploy your weekend project in 2022?
https://github.com/lunasec-io/lunasec/blob/master/lunatrace/...
It's more complicated now, but if you look at the history of that "backend-cdk" folder, it was simpler a few months ago.
The important bit is the "ecs-patterns" library. That's the one that is magical and deals with setting up the load balancer, cluster, etc. for you. And the way we shove the Docker images in I found to be quite straightforward. (And deploys are one line.)
- Cdk8s: CNCF-Backed Infrastructure-as-Code (IaC) for Kubernetes
I saw this last night while trying to set up Flux on EKS. I wanted to share this and see what other tools people are using too.
Is it possible for Kubernetes to be startup-friendly? (We're using ECS right now via the normal CDK[0]).
0: https://github.com/lunasec-io/lunasec/blob/master/lunatrace/...
Stats
lunasec-io/lunasec is an open source project licensed under GNU General Public License v3.0 or later, which is an OSI approved license.
The primary programming language of lunasec is TypeScript.