Merge branch 'main' into main

This commit is contained in:
Christophe H
2022-11-03 11:37:14 +01:00
committed by GitHub
180 changed files with 5022 additions and 416 deletions
@@ -0,0 +1,7 @@
{
"name": "Anchore Syft SBOM Scan",
"creator": "Anchore",
"description": "Produce Software Bills of Materials based on Anchore's open source Syft tool.",
"iconName": "anchore",
"categories": ["Code Scanning", "dockerfile", "dependency-management"]
}
@@ -1,7 +1,7 @@
{
"name": "Anchore Container Scan",
"creator": "Indeni Cloudrail",
"description": "Produce container image vulnerability and compliance reports based on the open-source Anchore container image scanner.",
"name": "Anchore Grype Vulnerability Scan",
"creator": "Anchore",
"description": "Produce source and container vulnerability reports based on Anchore's open source Grype tool.",
"iconName": "anchore",
"categories": ["Code Scanning", "dockerfile"]
}
}
@@ -0,0 +1,9 @@
{
"name": "clj-watson",
"description": "Scan Clojure/Clojurescript projects for vulnerable direct/transitive dependencies.",
"iconName": "clj-watson",
"categories": [
"Code Scanning",
"Clojure"
]
}
@@ -1,6 +1,7 @@
{
"name": "CodeQL Analysis",
"creator": "GitHub",
"enterprise": true,
"description": "Security analysis from GitHub for C, C++, C#, Go, Java, JavaScript, TypeScript, Python, and Ruby developers.",
"iconName": "octicon mark-github",
"categories": ["Code Scanning", "C", "C++", "C#", "Go", "Java", "JavaScript", "TypeScript", "Python", "Ruby"]
@@ -0,0 +1,7 @@
{
"name": "Contrast Scan",
"creator": "Contrast Security Inc",
"description": "Scans Pull Requests on each push for the introduction and/or resolution of vulnerabilities to the repository.",
"iconName": "contrast",
"categories": ["Code Scanning", "java", "javascript", "dotnet"]
}
@@ -0,0 +1,7 @@
{
"name": "Red Hat CodeReady Dependency Analytics",
"creator": "Red Hat",
"description": "Scan your project's dependencies with CodeReady Dependency Analytics.",
"iconName": "openshift",
"categories": ["Code Scanning", "Go", "Python", "Node.js", "Java"]
}
@@ -1,6 +1,6 @@
{
"name": "Dependency Review",
"description": "Scans Pull Requests on each push for the introduction and/or resolution of vulnerable depdendencies to the repository",
"description": "Scans Pull Requests on each push for the introduction and/or resolution of vulnerable dependencies to the repository",
"iconName": "octicon mark-github",
"categories": [
"Dependency review",
@@ -0,0 +1,12 @@
{
"name": "ESLint",
"description": "A tool for identifying and reporting the problems found in ECMAScript/JavaScript code.",
"iconName": "eslint",
"enterprise": false,
"categories": [
"Code Scanning",
"JavaScript",
"EcmaScript",
"TypeScript"
]
}
@@ -0,0 +1,24 @@
{
"name": "EthicalCheck",
"creator": "APIsec",
"description": "EthicalCheck provides the industrys only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list.",
"iconName": "apisec",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
@@ -0,0 +1,15 @@
{
"name": "Frogbot Scan and Fix",
"description": "Automatically creates pull requests with fixes for vulnerable project dependencies. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.",
"iconName": "frogbot",
"categories": [
"Code Scanning",
"Go Module",
"Maven POM",
"NPM Config",
"Gradle",
"C#",
"Python"
],
"creator": "JFrog"
}
@@ -0,0 +1,15 @@
{
"name": "Frogbot Scan Pull Request",
"description": "Automatically scans new pull requests for security vulnerabilities. Uses JFrog Xray to scan the project. Included as part of JFrog's free subscription.",
"iconName": "frogbot",
"categories": [
"Code Scanning",
"Go Module",
"Maven POM",
"NPM Config",
"Gradle",
"C#",
"Python"
],
"creator": "JFrog"
}
@@ -0,0 +1,6 @@
{
"name": "Haskell Dockerfile Linter",
"description": "A smarter Dockerfile linter that helps you build best practice Docker images.",
"iconName": "hadolint",
"categories": ["Code Scanning", "Dockerfile"]
}
@@ -0,0 +1,6 @@
{
"name": "lintr",
"description": "lintr provides static code analysis for R.",
"iconName": "lintr",
"categories": [ "Code Scanning", "R" ]
}
@@ -0,0 +1,24 @@
{
"name": "NeuraLegion",
"creator": "NeuraLegion",
"description": "Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports",
"iconName": "neuralegion",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
@@ -0,0 +1,21 @@
{
"name": "NowSecure Mobile SBOM",
"creator": "NowSecure",
"description": "Generate a Mobile SBOM for an application and submit to Dependency Graph",
"iconName": "nowsecure",
"categories": [
"Code Scanning",
"Java",
"Kotlin",
"Scala",
"Swift",
"Objective C",
"C",
"C++",
"C#",
"Rust",
"JavaScript",
"TypeScript",
"Node"
]
}
@@ -0,0 +1,6 @@
{
"name": "PHPMD",
"description": "A spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD.",
"iconName": "phpmd",
"categories": [ "Code Scanning", "PHP" ]
}
@@ -0,0 +1,6 @@
{
"name": "puppet-lint",
"description": "Puppet Lint tests Puppet code against the recommended Puppet language style guide.",
"iconName": "puppet-lint",
"categories": [ "Code Scanning", "Puppet" ]
}
@@ -0,0 +1,7 @@
{
"name": "Pyre",
"creator": "Meta",
"description": "Pyre is a performant type checker for Python compliant with PEP 484. Pyre can analyze codebases with millions of lines of code incrementally providing instantaneous feedback to developers as they write code.",
"iconName": "pyre",
"categories": ["Code Scanning", "Python"]
}
@@ -0,0 +1,7 @@
{
"name": "Pysa",
"creator": "Meta",
"description": "Python Static Analyzer (Pysa) is a security-focused static analysis tool that tracks flows of data from where they originate to where they terminate in a dangerous location.",
"iconName": "pysa",
"categories": ["Code Scanning", "Python"]
}
@@ -1,10 +1,9 @@
{
"name": "rust-clippy",
"creator": "Rust",
"description": "A collection of lints to catch common mistakes and improve your Rust code.",
"iconName": "rust",
"categories": [
"Code Scanning",
"rust"
]
}
}
@@ -0,0 +1,11 @@
{
"name": "Sobelow",
"creator": "nccgroup",
"description": "Sobelow is a security-focused static analysis tool for the Phoenix framework.",
"iconName": "sobelow",
"categories": [
"Code Scanning",
"Elixir"
]
}
@@ -0,0 +1,7 @@
{
"name": "SOOS DAST Scan",
"creator": "SOOS",
"description": "SOOS DAST is the easy-to-integrate no-limit web vulnerability scanner. Integrate SOOS DAST with your CI pipeline to find vulnerabilities by scanning a web app or APIs.",
"iconName": "soos",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,7 @@
{
"name": "Zscaler IaC Scan",
"creator": "Zscaler CWP",
"description": "Scan your Infrastructure as Code files using Zscaler Infrastructure as Code (IaC) Scan app",
"iconName": "zscaler",
"categories": ["Code Scanning"]
}
@@ -0,0 +1,14 @@
{
"name": "zScan",
"creator": "Zimperium",
"description": "The zimperium-zscan GitHub action scans your mobile app binary (iOS or Android) and identifies security, privacy, and compliance-related vulnerabilities. ",
"iconName": "zscan",
"categories": [
"Code Scanning",
"Java",
"Kotlin",
"Scala",
"Swift",
"Objective C"
]
}