Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

Checkmarx Scan Github Action

CodeSec by Contrast - The fastest and most accurate SAST scanner. Scan code and serverless environments

Apply sound changes automatically to a set of words.

GitHub action for CycloneDX BOM generator (cdxgen). cdxgen produced bom xml file can be uploaded to dependency track, AppThreat and other commercial Software Composition Analysis (SCA) products

The guidance for the Open Source Component Management process consists of a generic architecture description, usage blueprints, a concept of the abstraction layer and a collection of use cases. It enables you to quickly match your organization's needs with available solutions and jump-start your process definition by providing templates.

Horizon Studio Security Skills Kit for defensive OWASP-based audits, remediation workflows, and regression testing in Django/DRF and Next.js/React projects.

AI-native OSS PM tool in CLI. Purpose-built for regulated software — auto-generates RTM, SCA, OSCAL, HMAC-signed audit packages from plain files in your repo. SOC 2 / ISO 27001 / NYDFS / GDPR ready. Free.

A containerized DevSecOps orchestration platform featuring automated security scanning (SAST/DAST/SCA) and a Python machine learning engine for predictive risk scoring.

Jenkins Build Agent for specific NetSuite project builds

MERN stack e-commerce marketplace (React + Express + MongoDB + Stripe) with natural security debt — target for AppSec scanning (SAST, DAST, SCA, Pen Test) and automated vulnerability remediation workshops. Source: shamahoque/mern-marketplace (MIT)

Strong Customer Authentication

A skeleton blaze app with additional basic stuff that isn't included in default meteor projects

Tiny security gate for CI/CD. Wraps Semgrep, Gitleaks, osv-scanner, Trivy, and npm audit. One command, one report, one exit code.

Vocabulary generator and sound change applier

ZeroPath plugin for AI code agents — bring AppSec scanning (SAST, secrets, SCA, IaC), finding triage, and security context into Claude Code from chat.

🔍 Scan for dependency confusion vulnerabilities in your projects to enhance security and protect against potential threats with ease.

This Project Implements a GitHub Action workflow to Automate the Security Checks by cloning the NodeJS App Source code, confirming build integrity, and performing security scans. Leveraged Snyk for Static Application Security Testing (SAST) and Software Composition Analysis (SCA) to find vulnerabilities, and OWASP ZAP for penetration tests.