LunaSec

lunasec-io

Easily detect and fix security issues like Log4Shell with LunaSec's Open Source security tools. Come join the hundreds of companies already using LunaSec!

United States of America

https://www.lunasec.io

LunaSec's repositories

lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Language:TypeScriptNOASSERTION1407 30 290

Spring4Shell-POC

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

Language:Python103 40

spring-rce-vulnerable-app

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.

Language:JavaApache-2.034 20

damn-vulnerable-js-sca

An intentionally vulnerable Javascript app containing notable vulnerabilities in its dependencies.

Language:JavaScriptApache-2.013 3 1

vulnerable-app

Intentionally vulnerable apps that are used to test LunaTrace.

Language:JavaScript2 30

cve-2022-42889-text4shell-docker

Dockerized POC for CVE-2022-42889 Text4Shell (with LunaSec research notes)

Language:Java1 10

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

Language:GoApache-2.01 10

cwe-sdk-javascript

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Language:TypeScriptApache-2.0010

dvja

Damn Vulnerable Java (EE) Application

Language:JavaMIT010

grype

A vulnerability scanner for container images and filesystems

Language:GoApache-2.0010

yarn-plugin-workspace-lockfile

Yarn 2 plugin to create a separate lockfile per workspace

Language:JavaScriptMIT010

nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file

Language:TypeScriptNOASSERTION010