Keyword: appsec

@keygraph/shannon
Released
6d ago
Version
1.8.1
Shannon - Autonomous white-box AI pentester for web applications and APIs by Keygraph
security pentest penetration-testing vulnerability-assessment ai white-box +4
salus-appsec
Released
6m ago
Version
1.0.12
Salus — CLI de AppSec com IA. Code review, análise de vulnerabilidades, hardening defensivo e auditoria AI/LLM. Modo BYOK (Bring Your Own Key).
appsec cli ai code-review owasp openai +12
lockhawk
Released
5d ago
Version
0.2.7
Fast, free, accurate npm dependency vulnerability scanner for local + CI/CD with an interactive HTML dashboard and SARIF/JUnit output, powered by OSV.dev
security vulnerability vulnerability-scanner vulnerability-scanning security-scanner cve-scanner +14
agentgg
Released
yesterday
Version
0.1.9
Agentic SAST scanner — white box, CI-ready, multi-provider. Reasoning where regex falls short.
security sast vulnerability scanner ai llm +5
pup-appsec
Released
1 week ago
Version
0.1.0
Pup — an AI-native, evidence-based application security platform: contextual AI SAST, reachability-based SCA, and threat modelling for JavaScript/TypeScript.
security appsec sast sca threat-modeling ai +3
securewithtrace
Released
3d ago
Version
0.29.0
Official Trace CLI for vulnerability intelligence in your terminal
trace tracecli security vulnerability devsecops cli +1
@aegiskit/scanner
Released
2d ago
Version
0.1.0
Static analysis engine that finds the security gaps a runtime library can't fix — grounded in real vibe-coded Next.js/Supabase mistakes.
security sast static-analysis taint-analysis nextjs supabase +4
@aegiskit/dast
Released
2d ago
Version
0.0.1
Dynamic application security testing for Aegis — confirms vulnerabilities against YOUR OWN running Next.js/Supabase app via bounded, non-destructive HTTP probes, and correlates them with static findings.
security dast dynamic-analysis penetration-testing nextjs supabase +1
@aegiskit/cli
Released
2d ago
Version
0.1.0
The Aegis CLI — scan, init, doctor, and CI integration with an accessible, low-false-positive report.
security cli sast dast sarif nextjs +4
shipshape-scan
Released
2d ago
Version
0.1.0
Honest, zero-dependency pre-launch security scanner for AI-built ("vibe-coded") apps — Lovable, Bolt, Replit, Cursor, v0 + Supabase/Firebase. Finds exposed secrets, publicly-readable databases, and downloadable source; never false-flags public-by-design k
security scanner vibe-coding supabase firebase lovable +6
@kaademos/secure-sdlc
Released
3d ago
Version
1.2.0
Secure SDLC agent team — CLI to scaffold docs, hooks, CI, and MCP-ready security workflows
security sdlc appsec compliance owasp asvs +5
@insom/insom
Released
3d ago
Version
1.0.1
Insomnia — SAST & offensive security toolkit launcher (insom.ai)
sast security insomnia insom static-analysis pentest +2
oauthlint-rules
Released
2h ago
Version
0.3.0
Semgrep rules catching the OAuth/OIDC/JWT anti-patterns that AI coding tools systematically produce.
oauthlint semgrep semgrep-rules oauth oauth2 oidc +10
oauthlint
Released
2h ago
Version
0.7.0
Catch the OAuth/OIDC/JWT anti-patterns AI coding tools systematically produce. CLI wrapper around the oauthlint-rules Semgrep rule pack.
oauthlint semgrep oauth oauth2 oidc jwt +12
@cyclonedx/cdxgen
Released
4d ago
Version
12.7.0
Creates CycloneDX Software Bill of Materials (SBOM) from source or container image
sbom bom inventory spdx package-url purl +5