
lunasec-io / lunasec

Licence: other
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Programming Languages

  • typescript (32286 projects)
  • go (31211 projects; #10 most used programming language)
  • CSS (56736 projects)
  • javascript (184084 projects; #8 most used programming language)
  • SCSS (7915 projects)
  • PLpgSQL (1095 projects)

Projects that are alternatives of or similar to lunasec

Immudb
immudb - world’s fastest immutable database, built on a zero trust model
Stars: ✭ 3,743 (+196.83%)
Mutual labels:  pci-dss, compliance, gdpr, zero-trust
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (-72.56%)
Mutual labels:  dependency-analysis, compliance, devsecops, sbom
Content
Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (-3.33%)
Mutual labels:  cybersecurity, pci-dss, compliance
havengrc
☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬
Stars: ✭ 83 (-93.42%)
Mutual labels:  compliance, gdpr, devsecops
Wazuh Kibana App
Wazuh - Kibana plugin
Stars: ✭ 212 (-83.19%)
Mutual labels:  pci-dss, compliance, gdpr
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+261.7%)
Mutual labels:  compliance, gdpr, devsecops
Bunkerized Nginx
🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+87.23%)
Mutual labels:  cybersecurity, web-security, devsecops
dependency-check-py
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Stars: ✭ 44 (-96.51%)
Mutual labels:  dependency-analysis, cve-scanning, software-composition-analysis
Lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+624.58%)
Mutual labels:  pci-dss, compliance, gdpr
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+538.07%)
Mutual labels:  compliance, gdpr, devsecops
log4j-detector
Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
Stars: ✭ 622 (-50.67%)
Mutual labels:  cybersecurity, log4shell
Sherlock
This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-97.15%)
Mutual labels:  cybersecurity, web-security
firecracker
Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Stars: ✭ 438 (-65.27%)
Mutual labels:  cybersecurity, web-security
Hack4Squad
💀 A bash hacking and scanning framework.
Stars: ✭ 45 (-96.43%)
Mutual labels:  cybersecurity, scanning
Bbrecon
Python library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-86.6%)
Mutual labels:  cybersecurity, web-security
Jiff
JavaScript library for building web-based applications that employ secure multi-party computation (MPC).
Stars: ✭ 131 (-89.61%)
Mutual labels:  cybersecurity, web-security
Wazuh Docker
Wazuh - Docker containers
Stars: ✭ 213 (-83.11%)
Mutual labels:  pci-dss, compliance
Awesome Nodejs Security
Awesome Node.js Security resources
Stars: ✭ 1,294 (+2.62%)
Mutual labels:  cybersecurity, web-security
Docker Security Images
🔐 Docker Container for Penetration Testing & Security
Stars: ✭ 172 (-86.36%)
Mutual labels:  cybersecurity, devsecops
cyclonedx-cli
CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Stars: ✭ 154 (-87.79%)
Mutual labels:  sbom, sbom-generator

LunaTrace

LunaTrace is an Open Source supply chain security and auditing tool. At its heart is a web console that tracks your projects and their dependencies, looking for vulnerabilities and other issues. This console is provided as a SaaS (available here for free), or you can deploy it and manage it yourself.

Please see our LunaTrace documentation for more information.

Short Introduction Video

[Video: LunaTrace Introduction Video]

Repo Structure

We're a team of Security Engineers on a mission to make awesome Open Source Application Security tooling. It all lives in this monorepo and here's a breakdown of where everything we've built lives.

  • LunaTrace: A free alternative to services like GitHub Dependabot or Snyk that automatically monitors your dependencies for vulnerabilities. It automatically integrates with GitHub Pull Requests to notify you of new CVEs before you deploy to production. Try it out in one click via our GitHub App.
    • Status: Production ready and under active development (our primary focus).
  • Log4Shell CLI: A small command line utility to scan for Log4Shell. Also supports patching JAR files against Log4Shell, scanning running processes on your system, and more. Follow our Mitigation Guide for more context.
    • Status: Production ready and used by thousands of companies. Superseded by LunaTrace.
  • Our Security Blog: Our ramblings to the internet. This is where we broke the news about the log4j vulnerability and gave it the name Log4Shell. The blog lives in this repo under /docs/blog if you feel like contributing!
    • Status: Continuously updated, and requests for us to write about topics are encouraged.
  • LunaDefend: An end-to-end suite of security software built around Tokenization, designed to proactively protect your sensitive data from being hacked, as well as providing an easier path towards compliance (SOC2, GDPR, PCI-DSS, etc.).
    • Status: Unmaintained (but feel free to open issues).

Support

If you find yourself stuck, you're missing a feature, or you just want to clear up some confusion, then please join our Discord Community to speak with us.

We're a small team and we're always looking for more feedback about what problems we can help solve, so we'd love it if you took a moment to try out LunaTrace and, if you like it, share it with your colleagues and friends. The hardest part of our mission to build better security tools is simply getting people to realize that they exist!

Contributing

We welcome community contributions and we've documented the requirements for contributions here.

If you'd like to contribute ideas or feedback, you can do so by either opening a GitHub issue or speaking with us on Discord.

See Also

For more information about LunaSec including tutorials, examples, and technical information, please visit our documentation.
For marketing information, sales, or to get in touch, visit our website: https://www.lunasec.io/.

The rest of this README explains how to work on LunaSec itself. If you simply want to use LunaSec, please see the documentation.

Contributing

Please read our contributor instructions before forking and submitting a pull request. It's short and it's very helpful if you're going to be working on LunaSec.

Feedback

Our goal is to create a sustainable business to support LunaSec, while also building an Open Source community. If you have thoughts on how we can improve our approach, we would love to hear from you.

Please email us at developer-feedback at lunasec dot io or file an issue on this repository.

Release Process

The release process will be handled automatically by our CI/CD system.

Under the hood, the release process is split up into four parts:

  1. Version bump
  2. Compile artifacts
  3. Publish artifacts
  4. Push version tag to repository

Breaking this process up ensures that every part completes without error before moving on to the next step. This greatly reduces the chance that some artifacts get published and others do not, which would otherwise make debugging a release a headache.

Deployment of the releases is done by GitHub Actions.

Version

Versioning for releases is done by lerna.

Compile

Since the monorepo has both Go and Node code, compilation happens in multiple places. For the Node SDKs, every package has its own compilation script in its package.json, which gets run. The entrypoint that calls into each package's script is here. For the Go code, all compilation logic lives in the Makefile under the release target.

Publish

For Node artifacts, everything is handled by lerna. For Go, publishing is handled by the publish target of the Makefile. Artifacts end up in NPM, DockerHub, and GitHub.

Push

The version tag that gets pushed contains the version changes for the bumped monorepo version. Here is an example commit.
