LunaSec's repositories
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Spring4Shell-POC
This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).
spring-rce-vulnerable-app
Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.
damn-vulnerable-js-sca
An intentionally vulnerable JavaScript app containing notable vulnerabilities in its dependencies.
vulnerable-app
Intentionally vulnerable apps that are used to test LunaTrace.
cve-2022-42889-text4shell-docker
Dockerized POC for CVE-2022-42889 Text4Shell (with LunaSec research notes)
cwe-sdk-javascript
A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC
yarn-plugin-workspace-lockfile
Yarn 2 plugin to create a separate lockfile per workspace
nodejs-lockfile-parser
Generate a Snyk dependency tree from a package-lock.json or yarn.lock file