GitHub Release Tracker

06/01

7

trufflesecurity/TruffleHog v3.95.4

Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.

Go 26607☆ 3440d old #golang #security #go #secret #trufflehog

06/01

7

chainloop-dev/Chainloop v1.99.0

Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx

05/29

7

duriantaco/Skylos v4.22.0

Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.

Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer

05/26

7

safedep/Package Manager Guard (PMG) v0.17.0

Tool that blocks malicious packages during installation by wrapping existing package managers.

Go 387☆ 439d old #golang #npm #go #open-source #devsecops

05/30

6

safedep/vet v1.17.3

Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.

Go 1060☆ 1250d old #golang #security #go #devsecops #supply-chain-security

05/29

6

garagon/Aguara v0.22.0

Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.

Go 81☆ 105d old #golang #security #go #devsecops #mcp

05/27

5

whgojp/JavaSecLab V1.5

Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis.

JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit

05/28

4

Pantheon-Security/MEDUSA v2026.5.11

AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

Python 588☆ 195d old #python #open-source #sast #devsecops #scanner

06/01	7	trufflesecurity/TruffleHog v3.95.4 Powerful tool for discovering, classifying, validating, and analyzing leaked credentials. Go 26607☆ 3440d old #golang #security #go #secret #trufflehog
06/01	7	chainloop-dev/Chainloop v1.99.0 Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports. Go 551☆ 1184d old #golang #go #devsecops #compliance #cyclonedx
05/29	7	duriantaco/Skylos v4.22.0 Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities. Python 446☆ 400d old #python #security #devsecops #code-quality #code-quality-analyzer
05/26	7	safedep/Package Manager Guard (PMG) v0.17.0 Tool that blocks malicious packages during installation by wrapping existing package managers. Go 387☆ 439d old #golang #npm #go #open-source #devsecops
05/30	6	safedep/vet v1.17.3 Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support. Go 1060☆ 1250d old #golang #security #go #devsecops #supply-chain-security
05/29	6	garagon/Aguara v0.22.0 Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis. Go 81☆ 105d old #golang #security #go #devsecops #mcp
05/27	5	whgojp/JavaSecLab V1.5 Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis. JavaScript 840☆ 745d old #javascript #java #security #devsecops #code-audit
05/28	4	Pantheon-Security/MEDUSA v2026.5.11 AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications. Python 588☆ 195d old #python #open-source #sast #devsecops #scanner