Checkmarx

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

capital

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

2ms

Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git

chainjacking

Find which of your direct GitHub dependencies is susceptible to RepoJacking attacks

chainalert-github-action

scans popular packages and alerts in cases there is suspicion of an account takeover

kics-github-action

GitHub actions of KICS scan - Keeping Infrastructure as Code Secure

ast-cli

A CLI project wrapping application security testing (AST) APIs

Goatlin

(aka Kotlin Goat) - an intentionally vulnerable Kotlin application

cuteboi

This open-source project tracks CuteBoi's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

ast-github-action

Checkmarx application security testing (AST) GitHub action

red-lili

This open-source project tracks RED-LILI's activity over time as there are evidence the actor is still active. All information provided here is intended for research purposes.

AppSecVillage-Samples

A public repo to hold some code review challenges for RSA Conference 2022

ast-vscode-extension

The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

ci-cd-integrations

If you are using a CI/CD platform that doesn’t yet have a dedicated Checkmarx plugin, please check this repository.

ast-azure-plugin

The CxAST Azure DevOps plugin enables you to trigger SAST, SCA, and KICS scans directly from an Azure DevOps pipeline.

kics-cdk-validator-plugin

A KICS plugin for AWS CDK

ast-teamcity-plugin

The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.

ast-eclipse-plugin

The CxAST Eclipse plugin enables you to import results from a CxAST scan directly into your IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.

ast-jetbrains-plugin

The CxAST JetBrains plugin enables you to import results from a CxAST scan directly into your IDE.

ast-visual-studio-extension

The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE

kics-codefresh-step

sast-to-ast-export

CLI tool to export data from CxSAST and import into Checkmarx Application Security Testing Platform

dast-github-action

homebrew-ast-cli

overlay

Overlay is a browser extension helping developers evaluate open source packages before picking them

artifactory-security-plugin

kics-github-action-demo

A demo repo to show KICS Github Action in Action

gitleaks

Protect and discover secrets using Gitleaks 🔑

nexus-security-plugin

terraform-aws-cxone