lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/ (by lunasec-io)

Lunasec Alternatives

Similar projects and alternatives to lunasec

  1. Code-Server

    416 lunasec VS Code-Server

    VS Code in the browser

  3. Apache Log4j 2

    Apache Log4j is a versatile, feature-rich, efficient logging API and backend for Java.

  4. endoflife.date

    Informative site with EoL dates of everything

  5. syft

    39 lunasec VS syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  6. packj

    39 lunasec VS packj

    Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

  7. Logback

    21 lunasec VS Logback

    The reliable, generic, fast and flexible logging framework for Java.

  8. dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  10. log4shell-tools

    Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046

  11. birdcage

    Cross-platform embeddable sandboxing

  12. ysoserial

    A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.

  13. cli

    12 lunasec VS cli

    Command line interface for the Phylum API (by phylum-dev)

  14. react-payment-inputs

    A React Hook & Container to help with payment card input fields.

  15. ossdatabase

    Source for ossdatabase.com

  16. jdk8u

    6 lunasec VS jdk8u

    https://wiki.openjdk.org/display/jdk8u (by openjdk)

  17. mantine

    248 lunasec VS mantine

    A fully featured React components library

  18. Scrabble Solver by Kamil Mielnik

    Free, open-source, cross-platform, multi-language analysis tool for Scrabble, Scrabble Duel, Super Scrabble, Letter League, Literaki, and Kelimelik. Quickly find the top-scoring words using the given board and tiles. Available in 8 languages.

  19. apache-log4j-poc

    Discontinued Apache Log4j remote code execution

  20. miniboss

    6 lunasec VS miniboss

    The most versatile way to manage containers locally

  21. react-numpad

    1 lunasec VS react-numpad

    A numpad for number, date and time, built with and for React.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better lunasec alternative or higher similarity.

lunasec discussion


lunasec reviews and mentions

Posts with mentions or reviews of lunasec. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-01-27.
  • Installing Arch Linux on a Laptop
    1 project | news.ycombinator.com | 14 Sep 2024
    Nitpicking a bit, but I prefer btrfs even if it's slower. Easier to work with.

    What bootloader is this using? Or is it just straight EFI booting?

    I helped write a guide a few years back that still is what I do using systemd-boot. https://github.com/lunasec-io/lunasec/blob/master/docs/blog/...

    How is Wayland support these days? I love i3 but I know Sway promises to be close enough.

  • Guys, I taught ChatGPT to browse the internet and it is bloody amazing.
    1 project | /r/geek | 13 Mar 2023
  • Ask HN: Those making $0/month or less on side projects – Show and tell
    95 projects | news.ycombinator.com | 27 Jan 2023
    LunaTrace: https://lunatrace.lunasec.io/

    Premise: Open Source[0] alternative to GitHub Dependabot and `npm audit` that focuses on helping you prioritize where to patch first (only 0.1% of CVEs are used in cyber attacks).

    Short YouTube demo: https://www.youtube.com/watch?v=ugdSyR2L6sY

    A newer video showing off the whole Static Analysis engine: https://www.youtube.com/watch?v=vPd4MSUJ98M

    Price: $0 for Open Source repos. We're hoping to charge for private repos in the future, but we need to build out the billing features first lol. (We're at $0 in revenue currently.)

    If you are filled with rage because of CVEs spamming you, come vent your frustrations on Discord: https://discord.gg/2EbHdAR5w7

    We're looking for early customers that are interested in working with us. My email is on my profile. Cheers!

    [0]: Source Code, https://github.com/lunasec-io/lunasec/

  • Log4Shell Still Has Sting in the Tail
    4 projects | news.ycombinator.com | 30 Dec 2022
    (Note: I'm the person that coined the term "Log4Shell")

    You may be surprised when I tell you what the Apache Software Foundation's yearly budget is. You'd think for software that is used by practically every Fortune 500 company and most governments, it would be something reasonable. Maybe a few hundred million dollars a year to pay for a reasonable full-time staff, right?

    It turns out... it's about $2 million a year. (Wikipedia[0])

    This helps explain to me why the devs of Log4j directly uploaded the file "JNDIExploit.java" (the POC) to GitHub while they were patching. (Here is a full analysis and guide about how to prevent that[1].)

    They're not security people. They're volunteers working on this in addition to their full-time job.

    What kind of brave soul wants to trudge through and maintain log4j in their spare time for zero compensation? I appreciate the people that are capable of doing that, but I think they are rare!

    This whole entire vulnerability was eye opening for everybody and I have actually spent the last year building tooling on GitHub to help fix the problems that Log4Shell exposed.

    If you have 2 seconds to try that out or just Star the repo[2], it would be very helpful!

    0: Log4j revenue https://en.wikipedia.org/wiki/The_Apache_Software_Foundation

    1: "How to Discuss and Fix Vulnerabilities in Open Source" https://www.lunasec.io/docs/blog/how-to-mitigate-open-source...

    2: GitHub project building better dependency patching tools https://github.com/lunasec-io/lunasec

  • Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
    1 project | /r/netsec | 7 Nov 2022
    If anybody is curious to replicate this type of analysis, we should connect, because I've been working on a project to build an engine for this type of analysis for about a year now. GitHub Repo
  • Dozens of malicious PyPI packages discovered targeting developers
    23 projects | news.ycombinator.com | 2 Nov 2022
    It is possible to set your registry in NPM via the "npmrc" file. That will let you hit the specified HTTP server whenever you run commands like "npm install".

    I know this is also possible for Python because we did it at Uber. I don't remember the specific details anymore though.

    In either case though, a lot of people have written proxies for this use case (I helped write one for NPM at Uber). Companies like Bytesafe and Artifactory also exist in this space.

    We're working on something similar that's on GitHub here: https://github.com/lunasec-io/lunasec

    Proxy support isn't built out yet but the data is all there already.

  • Preventing the bait and switch by open core software companies
    4 projects | news.ycombinator.com | 27 Oct 2022
  • Ignore 98% of dependency alerts: introducing Semgrep Supply Chain
    1 project | news.ycombinator.com | 4 Oct 2022
    Here is some code on GitHub that does call site checking using SemGrep: https://github.com/lunasec-io/lunasec/blob/master/lunatrace/...

    (Note: I helped write that. We're building a similar service to the r2c one.)

    You're right that patching is hard because of opaque package diffs. I've seen some tools coming out like Socket.dev which show a diff between versions. https://socket.dev/npm/package/react/versions

    But, that said, this is still a hard problem to solve and it's happened before that malware[0][1] has been silently shipped because of how opaque packages are.

    0: https://web.archive.org/web/20201221173112/https://github.co...

    1: https://www.coindesk.com/markets/2018/11/27/fake-developer-s...

  • Ask HN: How do you deploy your weekend project in 2022?
    3 projects | news.ycombinator.com | 9 Sep 2022
    https://github.com/lunasec-io/lunasec/blob/master/lunatrace/...

    It's more complicated now, but if you look at the history of that "backend-cdk" folder, it was simpler a few months ago.

    The important bit is the "ecs-patterns" library. That's the one that is magical and deals with setting up the load balancer, cluster, etc. for you. And the way we shove the Docker images in I found to be quite straightforward. (And deploys are one line.)

  • Cdk8s: CNCF-Backed Infrastructure-as-Code (IaC) for Kubernetes
    2 projects | news.ycombinator.com | 6 Sep 2022
    I saw this last night while trying to set up Flux on EKS. I wanted to share this and see what other tools people are using too.

    Is it possible for Kubernetes to be startup-friendly? (We're using ECS right now via the normal CDK[0]).

    0: https://github.com/lunasec-io/lunasec/blob/master/lunatrace/...

Stats

Basic lunasec repo stats
37
1,447
5.5
about 1 year ago
