A software supply chain security inspection tool.

Overview

README.md

murphysec
murphysec

一款专注于软件供应链安全的开源工具,包含开源组件依赖分析、漏洞检测及漏洞修复等功能。

安装

macOS

使用Homebrew安装

// TODO

Windows

使用scoop安装

scoop bucket add murphysec https://github.com/murphysec/scoop-bucket
scoop update
scoop install murphysec

Linux

// TODO

配置

执行murphysec auth login完成身份验证

小范围公测中,点此申请访问令牌

用法

murphysec: A software supply chain security inspection tool.            
                                                                        
Usage:                                                                  
  murphysec [flags]                                                     
  murphysec [command]                                                   
                                                                        
Available Commands:                                                     
  auth        manage the API token                                      
  completion  generate the autocompletion script for the specified shell
  help        Help about any command                                    
  scan

Flags:
      --color          colorize the output (default true)
  -h, --help           help for murphysec
      --token string   specify the API token
  -v, --verbose        show verbose log
      --version        output version information and exit

Use "murphysec [command] --help" for more information about a command.

开源协议

Apache 2.0

You might also like...
Tracee: Linux Runtime Security and Forensics using eBPF
Tracee: Linux Runtime Security and Forensics using eBPF

Tracee is a Runtime Security and forensics tool for Linux. It is using Linux eBPF technology to trace your system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns.

Sqreen's Application Security Management for the Go language
Sqreen's Application Security Management for the Go language

Sqreen's Application Security Management for Go After performance monitoring (APM), error and log monitoring it’s time to add a security component int

How to systematically secure anything: a repository about security engineering
How to systematically secure anything: a repository about security engineering

How to Secure Anything Security engineering is the discipline of building secure systems. Its lessons are not just applicable to computer security. In

Convenience of containers, security of virtual machines

Convenience of containers, security of virtual machines With firebuild, you can build and deploy secure VMs directly from Dockerfiles and Docker image

MQTT安全测试工具 (MQTT Security Tools)
MQTT安全测试工具 (MQTT Security Tools)

███╗ ███╗ ██████╗ ████████╗████████╗███████╗ ████╗ ████║██╔═══██╗╚══██╔══╝╚══██╔══╝██╔════╝ ██╔████╔██║██║ ██║ ██║ ██║ ███████╗ ██║╚██╔╝█

 gosec - Golang Security Checker
gosec - Golang Security Checker

Inspects source code for security problems by scanning the Go AST.

GoPhish by default tips your hand to defenders and security solutions. T

GoPhish by default tips your hand to defenders and security solutions. The container here strips those indicators and makes other changes to hopefully evade detection during operations.

Go binary that finds .EXEs and .DLLs on the system that don't have security controls enabled

Go Hunt Weak PEs Go binary that finds .EXEs and .DLLs on the system that don't have security controls enabled (ASLR, DEP, CFG etc). Usage $ ./go-hunt-

One Time Passwords (OTPs) are an mechanism to improve security over passwords alone.

otp: One Time Password utilities Go / Golang Why One Time Passwords? One Time Passwords (OTPs) are an mechanism to improve security over passwords alo

Releases(v1.2.4-saas.1)
Owner
murphysec
murphysec
Cyber Stasis is an economic simulator in the form of a fictional game based on global real-time demand and supply.

Cyber Stasis Cyber Stasis is an economic simulator in the form of a fictional game based on global real-time demand and supply. How to Play The game r

Stateless Minds 84 Aug 23, 2022
Web-Security-Academy - Web Security Academy, developed in GO

Web-Security-Academy - Web Security Academy, developed in GO

Xavier Llauca 1 Feb 23, 2022
A scalable overlay networking tool with a focus on performance, simplicity and security

What is Nebula? Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect comp

Slack 10.5k Sep 24, 2022
Stobox Securities Chain client based on the bsc fork

Stobox Securities Chain The goal of Stobox Securities Chain is to bring programmability and interoperability to Binance Chain. In order to embrace the

Stobox chain 7 Dec 24, 2021
Stobox Securities Chain client based on the bsc fork

Stobox Securities Chain The goal of Stobox Securities Chain is to bring programmability and interoperability to Binance Chain. In order to embrace the

Stobox Progress Chain 7 Dec 24, 2021
Cossack Labs 1.1k Sep 27, 2022
HTTP middleware for Go that facilitates some quick security wins.

Secure Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many fram

Cory Jacobsen 2k Sep 28, 2022
Gryffin is a large scale web security scanning platform.

Gryffin (beta) Gryffin is a large scale web security scanning platform. It is not yet another scanner. It was written to solve two specific problems w

Yahoo 2.1k Sep 23, 2022
set of web security test cases and a toolkit to construct new ones

Webseclab Webseclab contains a sample set of web security test cases and a toolkit to construct new ones. It can be used for testing security scanners

Yahoo 916 Sep 9, 2022
PHP security vulnerabilities checker

Local PHP Security Checker The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with know

Fabien Potencier 947 Sep 21, 2022