JSPM

Local-first vulnerability reachability CLI for JavaScript and TypeScript

Security-themed React component library for dashboards, scanners, and threat visualization

MCP server for MetalTorque Security Audit — gives AI agents the ability to scan websites for security vulnerabilities.

Security scanner for AI-generated code — find vulnerabilities before you ship

Aribot Security Platform SDK by Aristiun & Ayurak - Threat modeling, compliance, and cloud security APIs

n8n node for the Tenable One platform

Secure Code — scan, fix, and automate security for any codebase. SOC 2, NIST CSF, OWASP Top 10 & CWE.

Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation

Non-Human Identity Security Platform — detect OIDC trust policy misconfigurations, validate fixes with a 6-layer Policy Intelligence Engine, and auto-generate Terraform PRs.

Security pattern detector for AI-generated code — catches the dangerous patterns AI coding agents introduce, directly in your git workflow

OSINT API key protection - prevent secret leaks

The most comprehensive Angular security auditing tool. 150+ rules, 10 scan types (OWASP, API security, performance, accessibility, dependency audit, hacking, complexity, code quality). Auto-fix suggestions, HTML dashboard, SVG badge generation, SARIF expo

Bundle scanning, NEXT_PUBLIC_ exposure detection, and environment drift for Next.js

Praetorian CLI – A universal multi-environment configuration validator for DevSecOps teams. Validate, compare, and secure YAML/ENV files with ease.

Feature-rich MCP server for Black Duck Polaris — trigger SAST/SCA/DAST scans, query findings, generate reports (SBOM, SPDX, CycloneDX), manage policies, triage issues, and more. Works with Claude Code, Claude Desktop, GitHub Copilot, Cursor, and any MCP-c

Security scanner for MCP (Model Context Protocol) servers — detect supply chain risks, permission overreach, and misconfigurations

API security scanner for indie developers — detects auth gaps, sensitive data leaks, and more in OpenAPI/Swagger specs.

DevSecOps-focused MCP server for AWS, Kubernetes, CI/CD, and security tooling.

AWS IAM security scanner CLI that detects overly broad permissions, scores risk, and suggests safer policy changes.

Portable, standards-backed security policies for any AI coding agent. One command to install OWASP, CWE, NIST rules + security skills.

Predictive dependency security engine. Trust scores, zombie detection, blast radius analysis for your supply chain.

A @kubernetes/client-node fluent API wrapper that leverages K8s Server Side Apply.

A CLI for Snyk's SnykCon 2020 DevSecOps and Developer-first security conference

autonomous black-box web penetration testing. give it a URL, it finds everything exploitable.

Security vulnerability scanner

Reports Reports and exports compliance status for defined controls.

AI agent governance platform — static scanning + runtime interception for Claude Code, Cursor, GitHub Copilot, Codex, LangChain, CrewAI, and Kiro. Blocks dangerous tool calls in real-time.

Security workflow installer for AI coding runtimes (Claude, Codex, and more)

Open-source CLI toolkit for automated red-teaming of LLM-powered applications

The missing security layer for open source projects. Scan, fix, and enforce secret hygiene, supply chain integrity, and project health.

Runtime security for AI Agent Skills — Scan, sandbox & enforce. Detect prompt injection, memory poisoning, supply chain attacks. 72+ patterns, 14 categories. The firewall Snyk and Cisco don't build.

SynapseAudit CLI - AI-Powered Security Scanner for your code

DevSecOps toolkit for AI-assisted secure development — security scanner, ISMS dashboard, asset management

A lightweight, extensible Static Application Security Testing (SAST) tool for JavaScript. Detects vulnerabilities like XSS, SQL injection, hardcoded secrets, prototype pollution, and more — with CWE references, severity ratings, and context-aware reportin

A dependency scanner that detects suspicious code.

DevSecureX CLI - Advanced security scanning tool for developers. Detect vulnerabilities across 20+ programming languages with comprehensive SAST, dependency analysis, secrets detection, and compliance reporting. Integrates seamlessly with CI/CD pipelines

Venom — Autonomous AI pentester for developers. Find exploits AND fix them.

AI Code Security Auditor — catches vulnerabilities that LLMs introduce and SonarQube misses. Purpose-built for AI-generated code with educational feedback.

AI-powered security scanner that detects vulnerabilities in AI-generated code. Proactive scanning, autonomous fixing, and emergency response for modern development teams.

Open-source CLI for scanning repositories for security risks across code, infra, and dependencies.

Zero-Trust Package Management

Assume AWS IAM roles between Control account and Target accounts

A robust and optimized JavaScript library for integrating Google's Teachable Machine models, supporting various image sources and providing efficient classification capabilities.

Developer-first JavaScript/TypeScript security scanner with static analysis, proof-oriented tests, secure-arch checks, and AI rule export.

Logger for devsecops-cli

Security audit CLI for AI-generated codebases. Find the time bombs before they blow.

AI security scanner for vibe-coded apps. Find vulnerabilities before attackers do.

Quantum Viper CLI (qv) - Professional AI-Powered Security Analysis

Secret scanning in your codebase, the FOSS way.

Test password/phrases to ensure strong entropy and no reuse from a password breach, based on the latest guidance.

Security scanner for OpenClaw AI agents — 100-point audit with auto-fix

Aribot Security Platform SDK - Threat modeling, compliance, cloud security, and AI-powered security analysis

TYTSPOT CLI for running security scans, reviewing findings, and working with reports from the terminal.

MCP server for Custodia — scan GitHub repos for security vulnerabilities from Claude Desktop, Cursor, and Claude.ai.

CLI tool to detect hardcoded secrets and sensitive data in codebases.

Graduated security gates for DevSecOps pipelines - A developer-centric approach to security enforcement with configurable severity thresholds and productivity analytics

n8n nodes for Cycode security platform integration

Security scanner for MCP (Model Context Protocol) servers. Detect vulnerabilities, secrets, injection risks, and misconfigurations before deployment.

A lightweight utility that securely loads API keys for Cursor MCP servers from your home directory, preventing accidental exposure of secrets in repositories. Keep your credentials safe while maintaining seamless integration with AI coding assistants.

Zero-config Git pre-commit hook that blocks secrets (AWS keys, API tokens, .env files) from being committed. Auto-installs for your entire team.

Scanr CLI distribution package

Security scanner for AI-generated code. Detect vulnerabilities in Claude Code, Cursor, and Copilot output. Fix Packs with Claude prompts included.

Know what your dependencies actually do to your code. Usage-level CVE scoping, dead-weight detection, and health scoring for any GitHub repo across 11+ ecosystems.

AI-powered auth security auditor - find vulnerabilities in your authentication code using GPT

Un nodo de n8n para interactuar con la API de Tenable usando Pytenable en un sandbox de Docker.

Ordo security scanner CLI - catch vulnerabilities before they cost you money

CLI tool to detect leaked secrets, frontend exposure, and generate safe fixes.

A tool for finding leaked secrets in the code

Comprehensive security tool to detect hardcoded API keys, tokens, and sensitive credentials in your codebase with 245+ detection patterns, entropy analysis, and baseline filtering

ZAK — Zeron Agentic Kit, open-source ADK for building autonomous cybersecurity agents. Build, deploy, and govern autonomous cybersecurity agents.

🚀 Smart commit message generator with AI - supports local LLMs and cloud APIs

AI-native secret detection CLI for scanning repositories

Security Engineer subagent for Claude Code - specialized in DevSecOps and infrastructure security

45 security skills for AI coding agents — Claude Code, Gemini CLI, Cursor, Codex, and more

HTTP API client for devsecops-cli

Scan git commit history for leaked secrets, API keys, and tokens by username. Find what was deleted but never truly gone.

AI agent security platform — scan, fix, monitor, and pentest MCP servers, Claude skills, Codex plugins, Cursor extensions, and 5 more platforms. 227 rules across 17 threat categories.

VibeCheck Ultimate CLI — Ship with confidence. 65+ commands merged from 4 codebases: kernel infrastructure, ISL verification, Reality Mode, Agent Firewall, MCP Server.

AI-powered code review — security (OWASP Top 10), code quality, standards enforcement, and custom rules. 6 providers (Ollama free/local, Gemini, Groq, DeepSeek, OpenAI, Anthropic). MCP server for Cursor, Windsurf, VS Code, Claude Desktop + CLI + Node API.

Yanrix GitHub Action — AI-powered STRIDE threat modeling for pull requests. Forthcoming release. Visit yanrix.dev for updates.

CLI to upload BOM files to Dependency-Track (https://dependencytrack.org/) tool using CI/CD pipelines

An advanced, highly resilient Event Emitter built on top of the native Node.js events module. It is designed to facilitate seamless, secure, and reliable event communication between two or more distinct Node.js applications across a network.

A Playwright-based tool to automate GitHub secret scanning custom pattern management.

Security scanner for AI-generated and vibe-coded projects. Detects secrets, injection attacks, weak crypto, backdoors, and more.

Guardrail CLI — Ship with confidence. AI-native code scanning, security analysis, and quality gates.

Scan AWS IAM roles for OIDC trust policy misconfigurations in GitHub Actions. Free CLI by TrustFix.

Build configuration integrity scanner — detects supply chain compromise indicators in config files

AI-powered security scanner that automatically fixes vulnerabilities - SQL injection, XSS, secrets exposure, and more. Not just detection, but intelligent autofix before commit.

GuardLink — Security annotations for code. Threat modeling that lives in your codebase.

AI-powered security scanner with Claude API integration and MCP server support

🛡️ Block secrets, misconfigurations, and vulnerabilities before they reach your repository. Real-time security scanning with inline diagnostics.

Audit your auth implementation for security flaws

Claude Code skill for Application Security Posture Management — runs Semgrep SAST and optional Shannon pentesting, generates ASPM_SCAN.md reports

🔐 Scan your entire git history for accidentally committed secrets. Rotate, fix, and prevent credential exposure.

AI-powered security scanner for your codebase. Scan for vulnerabilities, get risk scores, auto-report on GitLab MRs.

Offline-first security auditor for MCP (Model Context Protocol) configurations

AI security scanner for developers — Scan for PII, secrets, prompt injection, and unsafe AI SDK usage.

MCP server for SixthWall AI code security scanner. Integrates with Claude Code for automatic vulnerability detection with Fix Packs.

Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels

Yanrix schema definitions — shared types and validation schemas for the Yanrix threat modeling platform. Forthcoming release. Visit yanrix.dev for updates.

Guardrail CLI - Enterprise security scanning with interactive menu, arrow navigation, and auto-installation

CLI to upload BOM files to Dependency-Track (https://dependencytrack.org/) tool using CI/CD pipelines

DevSecOps MCP server integrating SAST, DAST, IAST, and SCA tools

Smell leaks before attackers do.

Security by design CLI for AI-assisted development - scans projects and guards autonomous agent runs

ProbeX Security Agent — 9 scan engines, one command. Local-first DevSecOps scanning with cloud upload.

Open-source CLI scanner for risky MCP server and AI agent tool configuration.

Security scanning CLI for React and Next.js — detects CVEs, secrets, license risks, supply chain threats, hydration bugs, RSC boundary violations, and more.

Security scanner for MCP servers — detect vulnerabilities, CVEs, and attack vectors

Sorkcloud CLI — AI-powered security pipeline for Node.js projects. Scans, triages, fixes, verifies, and supports multiple AI agents (Claude, OpenAI, Codex, Gemini, Mistral, Llama). Works with BYOK or sorkcloud.space-managed keys.