Great links to automate your cybersecurity checks.
- Semgrep: An easy tool to run on your code to detect common security vulnerabilities.
- Bearer: A developer-first code security & privacy scanner that integrates into your entire development workflow (local, CI/CD, PR/MR).
- ACCENT: A Symfony command that checks that all your API Platform routes have access control.
- django-access-inspector: It is a comprehensive access control app for Django that helps you enforce fine-grained access control on your views.
- spring-access-inspector: This tool creates a table report to verify access control on Spring Boot routes. It uses the PreAuthorize annotation from spring-security-config.
- RisXSS: It detects XSS flaws of your React or Vue application using a single ESLint rule.
- git-secret-scanner: This tool aims to find secrets and credentials in git repositories owned by Organizations or Groups, using the best parts of the TruffleHog & Gitleaks libraries.
- gitlab-secrets: Even after a force-push to delete unwanted secrets from the code, those commits still exist even if they aren't referenced. This tool aims to find those secrets.
- youtube-video-scanner: This tool detects secrets shown during videos by analyzing the frames.
- Renovate: This tool creates Pull Requests to update your vulnerable dependencies and gives you a percentage of confidence about breaking changes.
- Dependabot: Just like Renovate, this tool creates Pull Requests to update your vulnerable dependencies. It works better with GitHub than with other platforms.
- sls-mentor: A tool that analyzes the configuration of your AWS resources against best practice rules. It also helps with metrics other than security, such as Performance or Cost.
- Yatas: It helps you create a secure AWS environment without too much hassle.
- cognito scanner: Checks that your Cognito configuration is not vulnerable to standard attacks.