Prevent merging of malicious code in pull requests
Updated Jan 8, 2026 - Python
Focused malicious code detection ruleset, with a high protection-to-noise ratio
Repository containing the source code of the MixewayFlow service, a Swiss army knife for DevSecOps teams
High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines.
A comprehensive security design review checklist for hardening Jenkins, GitHub Actions, AWS, and Azure pipelines. Audit your software supply chain before production.
JenkinsBreaker: Offensive CI/CD security research framework focused on Jenkins exploitation, CVE chaining, and pipeline compromise scenarios.
Enterprise application security playbook covering attacker-driven testing, vulnerability management, and security automation across the SDLC.
🛡️ A curated list of awesome DevSecOps tools, best practices, and resources for securing CI/CD pipelines. Covers SCA, SAST, DAST, IaC, and Container Security.
Security Engineering reference: taint analysis benchmark comparing Pysa, CodeQL & Semgrep on a controlled Django app (16 OWASP Top 10 cases). Includes CI/CD integration with SARIF, ground truth validation, and enterprise scaling patterns.
Collection of custom GHA and reusable workflows.
GitHub Actions security scanner: pin actions to SHAs, detect script injection, audit permissions. Fix supply chain vulnerabilities.
GRIMSEC — 12 AI-Powered DevSecOps Agents. Analyze, audit, validate, and remediate vulnerabilities in any GitHub repo. 89-96% noise reduction.
GitHub Actions pipeline that detects, gates, and audits AI-generated code — policy checks, security scans (Gitleaks + Semgrep), sandboxed tests, and risk-scored reviews