Repositories list

• lunasec

  Public
  LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

  dependency-analysiscybersecuritypci-dss+ 17web-securityscanningcve-scanningtokenizationgdprsecurity-toolssoftware-composition-analysis+ 10

  TypeScript

  •

  Other

  •168•1.5k•90•7•Updated May 2, 2024May 2, 2024

• vulnerable-app

  Public
  Intentionally vulnerable apps that are used to test LunaTrace.

  JavaScript

  •5•3•0•7•Updated Mar 2, 2023Mar 2, 2023

• damn-vulnerable-js-sca

  Public
  An intentionally vulnerable Javascript app containing notable vulnerabilities in its dependencies.

  JavaScript

  •

  Apache License 2.0

  •30•18•1•1•Updated Jan 26, 2023Jan 26, 2023

• dvja

  Public
  Damn Vulnerable Java (EE) Application

  Java

  •

  MIT License

  •515•0•0•0•Updated Jan 5, 2023Jan 5, 2023

• grype

  Public
  A vulnerability scanner for container images and filesystems

  Go

  •

  Apache License 2.0

  •683•0•0•0•Updated Dec 29, 2022Dec 29, 2022

• cwe-sdk-javascript

  Public
  A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

  TypeScript

  •

  Apache License 2.0

  •11•1•0•0•Updated Nov 17, 2022Nov 17, 2022

• cve-2022-42889-text4shell-docker

  Public
  Dockerized POC for CVE-2022-42889 Text4Shell (with LunaSec research notes)

  Java

  •31•1•0•0•Updated Oct 20, 2022Oct 20, 2022

• nodejs-lockfile-parser

  Public
  Generate a Snyk dependency tree from package-lock.json or yarn.lock file

  TypeScript

  •

  Other

  •30•0•0•0•Updated Sep 14, 2022Sep 14, 2022

• Spring4Shell-POC

  Public
  This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

  vulnerable-web-appspring4shellspring4shell-poc

  Python

  •237•107•0•1•Updated Aug 4, 2022Aug 4, 2022

• syft

  Public
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems

  Go

  •

  Apache License 2.0

  •697•1•0•0•Updated Apr 27, 2022Apr 27, 2022

• spring-rce-vulnerable-app

  Public archive
  Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228) and the possible Spring RCE vulnerability.

  Java

  •

  Apache License 2.0

  •548•34•0•0•Updated Mar 31, 2022Mar 31, 2022

• yarn-plugin-workspace-lockfile

  Public
  Yarn 2 plugin to create a separate lockfile per workspace

  JavaScript

  •

  MIT License

  •13•0•0•0•Updated Apr 15, 2021Apr 15, 2021