Awesome

Plugins for Tsunami Security Scanner

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.

Tsunami's documentation

To learn more about Tsunami, visit our documentation.

Contributing

Read how to contribute to Tsunami.

Currently released Tsunami plugins

Detectors

AI Relevant OSS

• Pytorch Serve Expose API Detector
• Ray CVE-2023-48022 Detector
• Ray CVE-2023-6019 Detector
• H2O CVE-2023-6018 Detector
• MLflow CVE-2023-6977 & CVE-2023-1177 & CVE-2023-2780 Detector
• MLflow CVE-2023-6014 Detector
• MLflow Weak Credential Detector
• Argo Workflow Exposed API Detector
• MinIO Sensitive Info Disclosure Detector
• Gradio CVE-2023-51449 Detector
• Apache Spark CVE-2022-33891 Detector
• Apache Spark Expose UI Detector
• Apache Spark Exposed API Detector
• Apache Airflow CVE-2020-17526 Auth Bypass RCE
• Triton Inference Server RCE
• Intel Neural Compressor CVE-2024-22476 RCE Detector
• ZenML Weak Credential Detector
• Argo CD Exposed UI
• Airflow Exposed UI

Source Code Headers

Every file containing source code must include copyright and license information. This includes any JS/CSS files that you might be serving out to browsers. (This is to help well-intentioned people avoid accidental copying that doesn't comply with the license.)

Apache header:

Copyright 2020 Google LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Disclaimer

Tsunami Security Scanner and its plugins are not officially supported Google products.