GitHub Release Tracker

06/01

7

trufflesecurity/TruffleHog v3.95.4

Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.

Go 26609☆ 3441d old #golang #security #go #secret #trufflehog

06/01

7

trufflesecurity/TruffleHog v3.95.5

Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.

Go 26609☆ 3441d old #golang #security #go #secret #trufflehog

06/01

7

chainloop-dev/Chainloop v1.99.0

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx

05/29

7

duriantaco/Skylos v4.22.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/29

7

duriantaco/Skylos v4.21.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/27

7

duriantaco/Skylos v4.20.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/26

7

safedep/Package Manager Guard (PMG) v0.17.0

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 440d old #golang #npm #go #open-source #devsecops

05/24

7

duriantaco/Skylos v4.19.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/22

7

duriantaco/Skylos v4.18.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/21

7

duriantaco/Skylos v4.17.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/21

7

safedep/Package Manager Guard (PMG) v0.16.0

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 440d old #golang #npm #go #open-source #devsecops

05/20

7

boostsecurityio/Bagel v0.7.0

Cross-platform CLI that scans developer workstations for risky tool configurations and secret metadata, producing structured JSON reports without exposing secret values.

Go 130☆ 100d old #golang #cli #go #devsecops #developer

05/20

7

safedep/Package Manager Guard (PMG) v0.15.0

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 440d old #golang #npm #go #open-source #devsecops

05/20

7

betterleaks/Betterleaks v1.3.0

Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning.

Go 1015☆ 112d old #golang #go #cicd #devops #credentials

05/30

6

duriantaco/Skylos v4.22.1

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/30

6

safedep/vet v1.17.3

Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.

Go 1061☆ 1251d old #golang #security #go #devsecops #supply-chain-security

05/29

6

garagon/Aguara v0.22.0

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/29

6

garagon/Aguara v0.21.0

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/28

6

garagon/Aguara v0.20.0

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/28

6

safedep/Package Manager Guard (PMG) v0.17.2

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 440d old #golang #npm #go #open-source #devsecops

05/27

6

safedep/Package Manager Guard (PMG) v0.17.1

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 440d old #golang #npm #go #open-source #devsecops

05/27

6

chainloop-dev/Chainloop v1.98.7

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx

05/26

6

chainloop-dev/Chainloop v1.98.5

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx

05/26

6

garagon/Aguara v0.19.0

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/22

6

boostsecurityio/poutine v1.1.6

Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows.

Go 467☆ 778d old #github #golang #cli #go #ci

05/22

6

betterleaks/Betterleaks v1.3.1

Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning.

Go 1015☆ 112d old #golang #go #cicd #devops #credentials

05/22

6

boostsecurityio/poutine v1.1.5

Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows.

Go 467☆ 778d old #github #golang #cli #go #ci

05/22

6

chainloop-dev/Chainloop v1.98.4

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx

05/21

6

chainloop-dev/Chainloop v1.98.3

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx

05/20

6

chainloop-dev/Chainloop v1.98.2

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx

05/20

6

duriantaco/Skylos v4.16.2

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

06/01

5

garagon/Aguara v0.22.1

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/30

5

safedep/Package Manager Guard (PMG) v0.17.4

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 440d old #golang #npm #go #open-source #devsecops

05/28

5

safedep/Package Manager Guard (PMG) v0.17.3

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 440d old #golang #npm #go #open-source #devsecops

05/27

5

whgojp/JavaSecLab V1.5

Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis.

JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit

05/25

5

garagon/Aguara v0.18.4

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/22

5

pii-shield/PII-Shield v2.0.5

Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing.

Go 124☆ 117d old #golang #go #json #devsecops #gdpr

05/21

5

pii-shield/PII-Shield v2.0.4

Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing.

Go 124☆ 117d old #golang #go #json #devsecops #gdpr

05/21

5

pii-shield/PII-Shield v2.0.3

Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing.

Go 124☆ 117d old #golang #go #json #devsecops #gdpr

05/21

5

garagon/Aguara v0.18.3

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/20

5

interlynk-io/sbomasm v2.0.6

Comprehensive SBOM lifecycle toolkit for assembling, editing, enriching, removing sensitive data, signing, and viewing SBOMs.

Go 118☆ 1114d old #golang #go #devsecops #cyclonedx #gomodule

05/28

4

Pantheon-Security/MEDUSA v2026.5.11

AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

Python 588☆ 195d old #python #open-source #sast #devsecops #scanner

05/24

4

Pantheon-Security/MEDUSA v2026.5.10

AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

Python 588☆ 195d old #python #open-source #sast #devsecops #scanner

05/21

4

pii-shield/PII-Shield pii-shield-operator-...

Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing.

Go 124☆ 117d old #golang #go #json #devsecops #gdpr

05/20

4

Pantheon-Security/MEDUSA v2026.5.9

AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

Python 588☆ 195d old #python #open-source #sast #devsecops #scanner

05/20

4

Pantheon-Security/MEDUSA v2026.5.8

AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

Python 588☆ 195d old #python #open-source #sast #devsecops #scanner

06/01	7	trufflesecurity/TruffleHog v3.95.4 Powerful tool for discovering, classifying, validating, and analyzing leaked credentials. Go 26609☆ 3441d old #golang #security #go #secret #trufflehog
06/01	7	trufflesecurity/TruffleHog v3.95.5 Powerful tool for discovering, classifying, validating, and analyzing leaked credentials. Go 26609☆ 3441d old #golang #security #go #secret #trufflehog
06/01	7	chainloop-dev/Chainloop v1.99.0 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx
05/29	7	duriantaco/Skylos v4.22.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/29	7	duriantaco/Skylos v4.21.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/27	7	duriantaco/Skylos v4.20.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/26	7	safedep/Package Manager Guard (PMG) v0.17.0 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 440d old #golang #npm #go #open-source #devsecops
05/24	7	duriantaco/Skylos v4.19.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/22	7	duriantaco/Skylos v4.18.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/21	7	duriantaco/Skylos v4.17.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/21	7	safedep/Package Manager Guard (PMG) v0.16.0 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 440d old #golang #npm #go #open-source #devsecops
05/20	7	boostsecurityio/Bagel v0.7.0 Cross-platform CLI that scans developer workstations for risky tool configurations and secret metadata, producing structured JSON reports without exposing secret values. Go 130☆ 100d old #golang #cli #go #devsecops #developer
05/20	7	safedep/Package Manager Guard (PMG) v0.15.0 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 440d old #golang #npm #go #open-source #devsecops
05/20	7	betterleaks/Betterleaks v1.3.0 Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning. Go 1015☆ 112d old #golang #go #cicd #devops #credentials
05/30	6	duriantaco/Skylos v4.22.1 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/30	6	safedep/vet v1.17.3 Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support. Go 1061☆ 1251d old #golang #security #go #devsecops #supply-chain-security
05/29	6	garagon/Aguara v0.22.0 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/29	6	garagon/Aguara v0.21.0 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/28	6	garagon/Aguara v0.20.0 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/28	6	safedep/Package Manager Guard (PMG) v0.17.2 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 440d old #golang #npm #go #open-source #devsecops
05/27	6	safedep/Package Manager Guard (PMG) v0.17.1 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 440d old #golang #npm #go #open-source #devsecops
05/27	6	chainloop-dev/Chainloop v1.98.7 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx
05/26	6	chainloop-dev/Chainloop v1.98.5 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx
05/26	6	garagon/Aguara v0.19.0 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/22	6	boostsecurityio/poutine v1.1.6 Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows. Go 467☆ 778d old #github #golang #cli #go #ci
05/22	6	betterleaks/Betterleaks v1.3.1 Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning. Go 1015☆ 112d old #golang #go #cicd #devops #credentials
05/22	6	boostsecurityio/poutine v1.1.5 Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows. Go 467☆ 778d old #github #golang #cli #go #ci
05/22	6	chainloop-dev/Chainloop v1.98.4 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx
05/21	6	chainloop-dev/Chainloop v1.98.3 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx
05/20	6	chainloop-dev/Chainloop v1.98.2 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx
05/20	6	duriantaco/Skylos v4.16.2 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
06/01	5	garagon/Aguara v0.22.1 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/30	5	safedep/Package Manager Guard (PMG) v0.17.4 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 440d old #golang #npm #go #open-source #devsecops
05/28	5	safedep/Package Manager Guard (PMG) v0.17.3 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 440d old #golang #npm #go #open-source #devsecops
05/27	5	whgojp/JavaSecLab V1.5 Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis. JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit
05/25	5	garagon/Aguara v0.18.4 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/22	5	pii-shield/PII-Shield v2.0.5 Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing. Go 124☆ 117d old #golang #go #json #devsecops #gdpr
05/21	5	pii-shield/PII-Shield v2.0.4 Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing. Go 124☆ 117d old #golang #go #json #devsecops #gdpr
05/21	5	pii-shield/PII-Shield v2.0.3 Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing. Go 124☆ 117d old #golang #go #json #devsecops #gdpr
05/21	5	garagon/Aguara v0.18.3 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/20	5	interlynk-io/sbomasm v2.0.6 Comprehensive SBOM lifecycle toolkit for assembling, editing, enriching, removing sensitive data, signing, and viewing SBOMs. Go 118☆ 1114d old #golang #go #devsecops #cyclonedx #gomodule
05/28	4	Pantheon-Security/MEDUSA v2026.5.11 AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications. Python 588☆ 195d old #python #open-source #sast #devsecops #scanner
05/24	4	Pantheon-Security/MEDUSA v2026.5.10 AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications. Python 588☆ 195d old #python #open-source #sast #devsecops #scanner
05/21	4	pii-shield/PII-Shield pii-shield-operator-... Zero-code Kubernetes sidecar that redacts PII from logs pre-egress using entropy analysis and deterministic hashing. Go 124☆ 117d old #golang #go #json #devsecops #gdpr
05/20	4	Pantheon-Security/MEDUSA v2026.5.9 AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications. Python 588☆ 195d old #python #open-source #sast #devsecops #scanner
05/20	4	Pantheon-Security/MEDUSA v2026.5.8 AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications. Python 588☆ 195d old #python #open-source #sast #devsecops #scanner