JSPM

A @kubernetes/client-node fluent API wrapper that leverages K8s Server Side Apply.

Command-line tool for detecting vulnerabilities in files and directories.

Autonomous multi-agent DevSecOps pipeline CLI

AI-powered multi-agent security platform. 23 agents scan 80+ attack classes including AI integration supply chain (Vercel-class attacks), Hermes Agent deployments (ASI-01–ASI-10), tool registry poisoning, function-call injection, skill permission drift, a

Official Trace CLI for vulnerability intelligence in your terminal

NoData Guard — continuous security scanner. Runs locally, reports only metadata. Your data never leaves your machine.

MCP Server - Toàn bộ kiến thức xDev.asia: 57 series, 1200+ lessons, blog, showcase (AI, Architecture, DevSecOps, Programming)

Automated SBOM generation and vulnerability scanning for multiple repositories. Generates CycloneDX SBOMs, scans with Trivy, and notifies via Slack/email.

AI security scanner for vibe-coded apps. Find vulnerabilities before attackers do.

ADBIS real-time breach detection SDK with admin widget and dashboard integration

Semantic static analysis engine for detecting security vulnerabilities via taint tracking

Production-grade security hardening skill for Claude Code — AI/vibe-coded projects, OWASP Top 10, zero-trust, red-team, Supabase RLS, compliance (SOC 2, PCI-DSS, GDPR/LGPD)

watson-watchdog é uma ferramenta que usa inteligência artificial para verificar vulnerabilidades em dependências de projetos Node.js, analisando o package-lock.json. Ideal para integração em CI/CD pipelines.

Pre-commit security gate for OWASP Top 10 2021 — SAST, SCA and misconfig checks for Node/Express, Go and React codebases

Radar is an open-source orchestrator of security scanners.

AI-Powered Security Scanning and Autonomous Remediation Platform

Asyntax AI — security-scan your codebase from the terminal

A tool for managing compliance as code in your GitHub repositories.

Advanced security scanner that detects API key leaks and sensitive information in source code. Scans TypeScript, JavaScript, Markdown, and configuration files for AWS keys, OpenAI tokens, GitHub/GitLab PATs, Slack/Discord tokens, JWT tokens, and other cre

OWASP API security scanner with AI-assisted behavioral testing, static analysis, container scanning, and GraphQL probing.

Agentic CVE remediation platform for Node.js. Correlates threat intelligence, applies policy-governed fixes, and delivers auditable remediation outcomes across CI/CD pipelines, agent workflows, and service portfolios.

CodeSlick CLI tool for pre-commit security scanning — 308 checks across JS, TS, Python, Java, Go

<div align="center"> <h1>🌌 ADBIS Dashboard</h1> <p><b>The Real-Time Acoustic & Visual Cyber-Defense Console</b></p>

Safe share for AI-built apps. One command scans for exposed API keys, leaked .env files, and open CORS — then opens a live URL via Cloudflare Tunnel. Agent-native (Claude Code, Cursor, Cline). Free forever; Pro for stable *.flieger.app subdomains.

Curated slash commands for AI coding assistants — Claude Code, OpenCode, Gemini CLI, and Codex

Tiny security gate for CI/CD — orchestrates Semgrep, Gitleaks, osv-scanner, Trivy, and npm audit with a premium HTML report.

Structured observability framework for Node.js — declarative logging, masking, compliance, and tracing for high-demand environments.

<div align="center"> <h1>⚙️ ADBIS Control Plane</h1> <p><b>The High-Performance, Asynchronous Incident Response Backend</b></p>

A small CLI to upload BOM files to OWASP Dependency Track (https://dependencytrack.org/) tool using CI/CD pipelines

Static security scanner for AI CLI and MCP configurations — detects credential leaks, prompt injection, jailbreaks, and supply chain risks

Supply-chain security firewall for Node.js — resolves dependencies, scans via OSV.dev and NVD, and enforces configurable vulnerability policies before anything reaches node_modules.

<div align="center"> <h1>🛡️ ADBIS Shared Core</h1> <p><b>The Immutable Zero-Trust Detection & Policy Engine for ADBIS</b></p>

Security scanner for CVE-2025-55182 - Critical React Server Components RCE vulnerability. Scan lockfiles, SBOMs, Docker images, and live URLs.

GitHub security posture audit tools for AI agents — organization, repository, Actions, secrets, supply chain analysis via MCP

VibeCheck Ultimate CLI — Ship with confidence. 65+ commands merged from 4 codebases: kernel infrastructure, ISL verification, Reality Mode, Agent Firewall, MCP Server.

Enterprise-grade security validation and testing tool for MCP servers (Model Context Protocol)

First-party CLI for the ShakerScan security control plane

VibeSecurity — Auditoria de segurança para quem cria com IA. Secrets, vulnerabilidades e rotas sem auth.

Compliance as a Service CLI — scan dependencies, secrets, and IaC, then auto-map every finding to NIST 800-53, SOC 2, CMMC, FedRAMP, ASVS, and SSDF controls

Universal repository diagnostic and security scanning tool with explainable AI

A TypeScript wrapper for AWS Secrets Manager that simplifies common operations and provides a more user-friendly interface.

Agile Threat Modeling as Code

Local, zero-setup security linter for your MCP client configs. Catches command injection, hardcoded secrets, insecure transports, and known CVEs across Cursor, Claude, Windsurf, VSCode, Continue, Codex, and Zed. No account, no API calls, no data leaves yo

MCP server for AI security + AI governance + AI inventory + code security. Lets Claude, Cursor, Windsurf, Cline invoke cyscan (SAST/SCA/secrets — 1,815 rules / 75+ languages), cyweb (web vulnerability scanner), cyprobe (network discovery), cyradar (discov

All-seeing security and code quality agent for Claude Code - monitors code quality, security vulnerabilities, and integrates with SonarQube, Fortify, and JFrog

AI security MCP server and enforcement gate for Claude Code, Cursor, GitHub Copilot, Codex, Replit, and any MCP-compatible editor. Applies OWASP, MITRE ATT&CK, NIST, Zero Trust, PCI DSS, SOC 2, and ISO 27001.

Guardrails for AI-assisted development - Detects IDOR, missing input validation, hardcoded secrets, and other critical bugs in AI-generated code

Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.

Bugbase CLI for CVE scanning, secret detection, and predictive security analysis.

Lightweight real-time CLI security log analyzer — detects brute force, SQL injection, XSS, and suspicious bots in server logs

Local-first security scanner. Finds secrets, misconfigs, and unsafe code patterns. Runs in CI. Free, MIT-licensed, no telemetry.

A secrets management platform that every engineer can use with minimal code changes.

GuardLink — Security annotations for code. Threat modeling that lives in your codebase.

Bootstrap and run fcli fortify-setup action in any environment

Security-focused CLI that scans JavaScript/TypeScript codebases for console statements that may leak sensitive data, classifies them by risk level, and blocks risky commits via a pre-commit hook.

Professional security tools for Claude Code: vulnerability scanning, compliance, cryptography audit, container & API security

Security co-pilot for AI agents. Scan for vulnerabilities, verify governance, audit MCP servers, and generate compliance reports — all from Claude, Cursor, or any MCP client.

Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation

MCP server for SDLC audit and secure development lifecycle checks

The security layer for AI agents — platform-agnostic threat detection with 300+ rules, runtime blocking, and remediation guidance. Continuous protection.

AI-powered codebase auditor — security, quality, performance, architecture & more

Stop npm supply-chain attacks before they execute. Zero-dependency security scanner: malicious package detection, lockfile audit, dropper detection, integrity checks, OWASP A03/A05/A08/A10 coverage, CycloneDX SBOM & VEX reports, provenance verification, s

A security scanner that detects npm packages compromised by supply chain attacks, including the Axios attack (March 2026) and Shai Hulud malware.

A comprehensive n8n community node for Snyk security platform providing 12 resources and 60+ operations for vulnerability management, project monitoring, and security reporting.

Local-first npm supply-chain detector CLI for known malicious packages, workflows, and IoCs.

Prevent secrets (API keys, passwords) and console.log in commits. Zero-config pre-commit hooks with Husky auto-install. Blocks Stripe, GitHub, AWS credentials out-of-the-box. 357+ teams protected.

Open-source HIPAA compliance scanner for healthcare code. 140+ rules, 5 HIPAA categories. CLI + CI/CD + VS Code.

AI-powered security scanner with 9-agent swarm. Detect secrets, vulnerabilities, attack paths. CLI, API, or cloud dashboard at app.aurasecurity.io

Background check for AI agents — discover, assess, and test before you ship

Terraform plan risk explainer — reads `terraform plan` and classifies each change as safe/review/dangerous/irreversible. Pre-MVP namespace placeholder.

Offline secret-detection engine. Regex patterns plus Shannon entropy. Zero runtime dependencies. The core scanner behind the Quell VSCode extension.

Detect dangerous shell commands (rm -rf, DROP TABLE, git force push, etc.) before they execute. CLI tool for CI/CD and development security.

TitanShieldAI CLI — AI-powered security scanner for your codebase. Zero config. Under 2 minutes.

Assume IAM roles between AWS accounts

MCP server for the SbD-ToE (Security by Design — Theory of Everything) security manual — structured tools for Claude, GitHub Copilot and other MCP clients

Frisk your vibe-coded app before someone else does.

Local-first vulnerability reachability CLI for JavaScript and TypeScript

CLI for driving purpleteam -- security regression testing SaaS

Static analysis and security scanner for AI agent configuration files

CLI for keyshade

GitHub security posture audit tools for AI agents — organization, repository, Actions, secrets, supply chain analysis via MCP

MCP server for MetalTorque Security Audit — gives AI agents the ability to scan websites for security vulnerabilities.

Security-themed React component library for dashboards, scanners, and threat visualization

Security scanner for AI-generated code — find vulnerabilities before you ship

Aribot Security Platform SDK by Aristiun & Ayurak - Threat modeling, compliance, and cloud security APIs

n8n node for the Tenable One platform

Secure Code — scan, fix, and automate security for any codebase. SOC 2, NIST CSF, OWASP Top 10 & CWE.

Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation

Security pattern detector for AI-generated code — catches the dangerous patterns AI coding agents introduce, directly in your git workflow

Non-Human Identity Security Platform — detect OIDC trust policy misconfigurations, validate fixes with a 6-layer Policy Intelligence Engine, and auto-generate Terraform PRs.

The most comprehensive Angular security auditing tool. 150+ rules, 10 scan types (OWASP, API security, performance, accessibility, dependency audit, hacking, complexity, code quality). Auto-fix suggestions, HTML dashboard, SVG badge generation, SARIF expo

Bundle scanning, NEXT_PUBLIC_ exposure detection, and environment drift for Next.js

OSINT API key protection - prevent secret leaks

Praetorian CLI – A universal multi-environment configuration validator for DevSecOps teams. Validate, compare, and secure YAML/ENV files with ease.

Feature-rich MCP server for Black Duck Polaris — trigger SAST/SCA/DAST scans, query findings, generate reports (SBOM, SPDX, CycloneDX), manage policies, triage issues, and more. Works with Claude Code, Claude Desktop, GitHub Copilot, Cursor, and any MCP-c

Security scanner for MCP (Model Context Protocol) servers — detect supply chain risks, permission overreach, and misconfigurations

API security scanner for indie developers — detects auth gaps, sensitive data leaks, and more in OpenAPI/Swagger specs.

DevSecOps-focused MCP server for AWS, Kubernetes, CI/CD, and security tooling.

AWS IAM security scanner CLI that detects overly broad permissions, scores risk, and suggests safer policy changes.

Portable, standards-backed security policies for any AI coding agent. One command to install OWASP, CWE, NIST rules + security skills.

Predictive dependency security engine. Trust scores, zombie detection, blast radius analysis for your supply chain.

A @kubernetes/client-node fluent API wrapper that leverages K8s Server Side Apply.

A CLI for Snyk's SnykCon 2020 DevSecOps and Developer-first security conference

Security vulnerability scanner

autonomous black-box web penetration testing. give it a URL, it finds everything exploitable.

Reports Reports and exports compliance status for defined controls.

AI agent governance platform — static scanning + runtime interception for Claude Code, Cursor, GitHub Copilot, Codex, LangChain, CrewAI, and Kiro. Blocks dangerous tool calls in real-time.

Security workflow installer for AI coding runtimes (Claude, Codex, and more)

Open-source CLI toolkit for automated red-teaming of LLM-powered applications

The missing security layer for open source projects. Scan, fix, and enforce secret hygiene, supply chain integrity, and project health.

Runtime security for AI Agent Skills — Scan, sandbox & enforce. Detect prompt injection, memory poisoning, supply chain attacks. 72+ patterns, 14 categories. The firewall Snyk and Cisco don't build.

SynapseAudit CLI - AI-Powered Security Scanner for your code

DevSecOps toolkit for AI-assisted secure development — security scanner, ISMS dashboard, asset management

A lightweight, extensible Static Application Security Testing (SAST) tool for JavaScript. Detects vulnerabilities like XSS, SQL injection, hardcoded secrets, prototype pollution, and more — with CWE references, severity ratings, and context-aware reportin

A dependency scanner that detects suspicious code.

DevSecureX CLI - Advanced security scanning tool for developers. Detect vulnerabilities across 20+ programming languages with comprehensive SAST, dependency analysis, secrets detection, and compliance reporting. Integrates seamlessly with CI/CD pipelines

Venom — Autonomous AI pentester for developers. Find exploits AND fix them.

AI Code Security Auditor — catches vulnerabilities that LLMs introduce and SonarQube misses. Purpose-built for AI-generated code with educational feedback.

AI-powered security scanner that detects vulnerabilities in AI-generated code. Proactive scanning, autonomous fixing, and emergency response for modern development teams.

Open-source CLI for scanning repositories for security risks across code, infra, and dependencies.

Zero-Trust Package Management

Assume AWS IAM roles between Control account and Target accounts

Developer-first JavaScript/TypeScript security scanner with static analysis, proof-oriented tests, secure-arch checks, and AI rule export.

A robust and optimized JavaScript library for integrating Google's Teachable Machine models, supporting various image sources and providing efficient classification capabilities.

Logger for devsecops-cli

Security audit CLI for AI-generated codebases. Find the time bombs before they blow.

AI security scanner for vibe-coded apps. Find vulnerabilities before attackers do.

Quantum Viper CLI (qv) - Professional AI-Powered Security Analysis

Secret scanning in your codebase, the FOSS way.

Test password/phrases to ensure strong entropy and no reuse from a password breach, based on the latest guidance.

Security scanner for OpenClaw AI agents — 100-point audit with auto-fix

CLI tool to detect hardcoded secrets and sensitive data in codebases.

TYTSPOT CLI for running security scans, reviewing findings, and working with reports from the terminal.

MCP server for Custodia — scan GitHub repos for security vulnerabilities from Claude Desktop, Cursor, and Claude.ai.

Aribot Security Platform SDK - Threat modeling, compliance, cloud security, and AI-powered security analysis

Graduated security gates for DevSecOps pipelines - A developer-centric approach to security enforcement with configurable severity thresholds and productivity analytics

n8n nodes for Cycode security platform integration

Security scanner for MCP (Model Context Protocol) servers. Detect vulnerabilities, secrets, injection risks, and misconfigurations before deployment.

A lightweight utility that securely loads API keys for Cursor MCP servers from your home directory, preventing accidental exposure of secrets in repositories. Keep your credentials safe while maintaining seamless integration with AI coding assistants.

Zero-config Git pre-commit hook that blocks secrets (AWS keys, API tokens, .env files) from being committed. Auto-installs for your entire team.

Scanr CLI distribution package

Security scanner for AI-generated code. Detect vulnerabilities in Claude Code, Cursor, and Copilot output. Fix Packs with Claude prompts included.

Un nodo de n8n para interactuar con la API de Tenable usando Pytenable en un sandbox de Docker.

Ordo security scanner CLI - catch vulnerabilities before they cost you money

Know what your dependencies actually do to your code. Usage-level CVE scoping, dead-weight detection, and health scoring for any GitHub repo across 11+ ecosystems.

AI-powered auth security auditor - find vulnerabilities in your authentication code using GPT

CLI tool to detect leaked secrets, frontend exposure, and generate safe fixes.

A tool for finding leaked secrets in the code

Comprehensive security tool to detect hardcoded API keys, tokens, and sensitive credentials in your codebase with 245+ detection patterns, entropy analysis, and baseline filtering

ZAK — Zeron Agentic Kit, open-source ADK for building autonomous cybersecurity agents. Build, deploy, and govern autonomous cybersecurity agents.

🚀 Smart commit message generator with AI - supports local LLMs and cloud APIs

AI-native secret detection CLI for scanning repositories

Security Engineer subagent for Claude Code - specialized in DevSecOps and infrastructure security

Scan git commit history for leaked secrets, API keys, and tokens by username. Find what was deleted but never truly gone.

45 security skills for AI coding agents — Claude Code, Gemini CLI, Cursor, Codex, and more

AI agent security platform — scan, fix, monitor, and pentest MCP servers, Claude skills, Codex plugins, Cursor extensions, and 5 more platforms. 227 rules across 17 threat categories.

HTTP API client for devsecops-cli

VibeCheck Ultimate CLI — Ship with confidence. 65+ commands merged from 4 codebases: kernel infrastructure, ISL verification, Reality Mode, Agent Firewall, MCP Server.

AI-powered code review — security (OWASP Top 10), code quality, standards enforcement, and custom rules. 6 providers (Ollama free/local, Gemini, Groq, DeepSeek, OpenAI, Anthropic). MCP server for Cursor, Windsurf, VS Code, Claude Desktop + CLI + Node API.

Yanrix GitHub Action — AI-powered STRIDE threat modeling for pull requests. Forthcoming release. Visit yanrix.dev for updates.

CLI to upload BOM files to Dependency-Track (https://dependencytrack.org/) tool using CI/CD pipelines

An advanced, highly resilient Event Emitter built on top of the native Node.js events module. It is designed to facilitate seamless, secure, and reliable event communication between two or more distinct Node.js applications across a network.

A Playwright-based tool to automate GitHub secret scanning custom pattern management.

Security scanner for AI-generated and vibe-coded projects. Detects secrets, injection attacks, weak crypto, backdoors, and more.

Guardrail CLI — Ship with confidence. AI-native code scanning, security analysis, and quality gates.

Scan AWS IAM roles for OIDC trust policy misconfigurations in GitHub Actions. Free CLI by TrustFix.

Build configuration integrity scanner — detects supply chain compromise indicators in config files

AI-powered security scanner that automatically fixes vulnerabilities - SQL injection, XSS, secrets exposure, and more. Not just detection, but intelligent autofix before commit.

GuardLink — Security annotations for code. Threat modeling that lives in your codebase.

AI-powered security scanner with Claude API integration and MCP server support

🛡️ Block secrets, misconfigurations, and vulnerabilities before they reach your repository. Real-time security scanning with inline diagnostics.

Audit your auth implementation for security flaws

Claude Code skill for Application Security Posture Management — runs Semgrep SAST and optional Shannon pentesting, generates ASPM_SCAN.md reports

🔐 Scan your entire git history for accidentally committed secrets. Rotate, fix, and prevent credential exposure.

AI-powered security scanner for your codebase. Scan for vulnerabilities, get risk scores, auto-report on GitLab MRs.

Offline-first security auditor for MCP (Model Context Protocol) configurations

AI security scanner for developers — Scan for PII, secrets, prompt injection, and unsafe AI SDK usage.

MCP server for SixthWall AI code security scanner. Integrates with Claude Code for automatic vulnerability detection with Fix Packs.

Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels

Yanrix schema definitions — shared types and validation schemas for the Yanrix threat modeling platform. Forthcoming release. Visit yanrix.dev for updates.

Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation

CLI to upload BOM files to Dependency-Track (https://dependencytrack.org/) tool using CI/CD pipelines

DevSecOps MCP server integrating SAST, DAST, IAST, and SCA tools

Smell leaks before attackers do.

Security by design CLI for AI-assisted development - scans projects and guards autonomous agent runs

ProbeX Security Agent — 9 scan engines, one command. Local-first DevSecOps scanning with cloud upload.

Open-source CLI scanner for risky MCP server and AI agent tool configuration.

Security scanning CLI for React and Next.js — detects CVEs, secrets, license risks, supply chain threats, hydration bugs, RSC boundary violations, and more.

Security scanner for MCP servers — detect vulnerabilities, CVEs, and attack vectors

Sorkcloud CLI — AI-powered security pipeline for Node.js projects. Scans, triages, fixes, verifies, and supports multiple AI agents (Claude, OpenAI, Codex, Gemini, Mistral, Llama). Works with BYOK or sorkcloud.space-managed keys.