Repositories list

• vulnerable-next-js-poc

  Public
  POC for React2Shell (CVE-2025-55182)

  Shell

  •0•1•0•1•Updated Dec 9, 2025Dec 9, 2025

• kdt

  Public
  CLI to interact with Kondukto

  clidevopsapplication-security+ 3security-toolsdevsecopskondukto

  Go

  •

  GNU General Public License v3.0

  •9•27•2•0•Updated Dec 8, 2025Dec 8, 2025

• poc-gapp

  Public
  POC Go Application

  Go

  •0•0•0•0•Updated Nov 30, 2025Nov 30, 2025

• webhook-issue-manager

  Public
  Go

  •1•0•0•2•Updated Nov 20, 2025Nov 20, 2025

• kntrl

  Public
  kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this by monitoring kernel calls, and denying access as soon as your defined behaviour is detected. For more: https://kntrl.dev

  C

  •

  Apache License 2.0

  •8•125•2•1•Updated Sep 23, 2025Sep 23, 2025

• semgrep-rules-example

  Public
  Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.

  HCL

  •488•0•0•1•Updated May 22, 2025May 22, 2025

• migrongo

  Public
  Migrongo is a Go package designed to handle MongoDB migrations using JavaScript files and the mongosh shell.

  Go

  •

  MIT License

  •0•0•3•1•Updated Dec 12, 2024Dec 12, 2024

• okta-bcrypt-auth-bypass

  Public
  Okta Authentication bypass explained

  JavaScript

  •0•0•0•0•Updated Nov 7, 2024Nov 7, 2024

• monorepo-fsqio

  Public
  A monorepo that holds all of Foursquare's opensource projects

  Scala

  •

  Apache License 2.0

  •52•0•0•0•Updated Jul 30, 2024Jul 30, 2024

• simple-fuzzing

  Public
  Companion repository that shows continuous fuzzing to secure APIs

  Go

  •0•0•0•4•Updated Jul 15, 2024Jul 15, 2024

• kondukto-secure-tunnel

  Public
  0•0•0•0•Updated Apr 3, 2024Apr 3, 2024

• security-research

  Public
  Kondukto Security Research Library

  JavaScript

  •0•0•0•1•Updated Mar 28, 2024Mar 28, 2024

• sbom-gradle-cyclonedx-pipeline-scan

  Public
  SBOM generating with Syft & CycloneDX Plugins, Scan with osv-scanner and import on Kondukto with KDT

  CSS

  •

  Apache License 2.0

  •0•2•0•0•Updated Jan 5, 2024Jan 5, 2024

• java-xxe-vulnerability-search-semgrep-remediation

  Public
  XXE vulnerability searched by semgrep, remediation and exploitaiton.

  Java

  •0•0•0•0•Updated Nov 14, 2023Nov 14, 2023

• cx-postscan-action-runner

  Public
  Helper scripts for Checkmarx post scan action to import results to Kondukto.

  PowerShell

  •1•0•0•0•Updated Feb 27, 2023Feb 27, 2023

• dockerfile-bestpractice-rules

  Public
  Some Semgrep rules for dockerfile best practices

  MIT License

  •0•9•0•0•Updated Aug 25, 2022Aug 25, 2022

• semgrep-rules

  Public
  Custom semgrep rules registry

  static-analysissecurity-scannerkondukto+ 2semgrepsemgrep-rules

  Java

  •2•14•0•0•Updated Aug 23, 2022Aug 23, 2022

• kdt-action

  Public
  0•0•0•0•Updated Jul 19, 2022Jul 19, 2022

• sbom-pipeline-example

  Public
  This repo does contains an example of Jenkins/Github Pipeline and a Maven Project.

  jenkinslog4jsbom+ 4github-actionskonduktodevsecops-pipelinesbom-examples

  Java

  •1•1•0•1•Updated Jun 1, 2022Jun 1, 2022

• log4j-test

  Public
  A sample Java project

  Java

  •0•0•0•0•Updated Jan 27, 2022Jan 27, 2022

• klog

  Public
  Kondukto leveled simple logging library

  Go

  •0•0•0•0•Updated Jun 3, 2021Jun 3, 2021