secretscan

Here are 2 public repositories matching this topic...

aflock-ai / cilock-trivy-detection-test

Real-attack detection demo. Reproduces the March 2026 Trivy tag-rewrite and LiteLLM .pth credential-stealer playbooks, then shows cilock's three layers of defense blocking each one.

security demo attestation devsecops in-toto trivy slsa supply-chain-security litellm credential-stealer supply-chain-attack secretscan

Updated Mar 22, 2026
Shell

aflock-ai / supply-chain-attacks

Star

Catalog of real-world software supply-chain attacks reproduced as safe harnesses, each with cilock detection demonstrated by live CI. Trivy tag-rewrite, LiteLLM .pth stealer, Nx VS Code, actions-cool hijack, Shai-Hulud npm worm, Microsoft durabletask PyPI, GitHub source disclosure.

attestation attack-detection devsecops durabletask in-toto slsa supply-chain-security sigstore opa-policy cve-reproduction shai-hulud supply-chain-attack secretscan nx-attack actions-cool

Updated May 22, 2026
Open Policy Agent

Improve this page

Add a description, image, and links to the secretscan topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the secretscan topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly