Awesome Open Source
Search results for devsecops
402 search results found
Stackql
⭐
221
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Awesome Devsecops Russia
⭐
221
Awesome DevSecOps in Russian
Porch Pirate
⭐
215
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.
Casr
⭐
214
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
Allinfosecnews_sources
⭐
212
A list of online news & info sources in the InfoSec/Cybersecurity space
Aws Firewall Factory
⭐
205
Easily improve the security of your web applications with AWS Firewall Factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with Firewall Manager.
Allero
⭐
199
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
Postee
⭐
194
Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Checkov Action
⭐
188
This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
Burpa
⭐
177
Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
Anteater
⭐
174
Anteater - CI/CD Gate Check Framework
Application Security Engineer Interview Questions
⭐
174
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.
Docker Security Images
⭐
173
🔐 Docker Container for Penetration Testing & Security
Dastardly Github Action
⭐
173
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Patches
⭐
168
A centralized repository of standalone security patches for open source libraries.
Nmap Formatter
⭐
165
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.
Awesome Software Supply Chain Security
⭐
165
A compilation of resources in the software supply chain security domain, with emphasis on open source
Securitydemos
⭐
161
Riskassessmentframework
⭐
161
The Secure Coding Framework
Security Skills Career Roadmap
⭐
156
Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, API security, network security, mobile security and so on, with helpful resources and guidelines.
Awesome Policy As Code
⭐
154
A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Gitgoat
⭐
152
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
Qodana Cli
⭐
150
🔧 JetBrains Qodana’s official command line tool
Vet
⭐
144
Tool to achieve policy driven vetting of open source dependencies
Preflight
⭐
141
preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.
Squealer
⭐
140
Telling tales on you for leaking secrets!
Nuvola
⭐
134
Bigbang
⭐
134
BigBang the product
Sonarqube Action
⭐
131
Integrate SonarQube scanner to GitHub Actions
Git Alerts
⭐
128
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
Advanced Security Compliance
⭐
121
GitHub Advance Security Compliance Action
Saf
⭐
118
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
Kccss
⭐
111
Kubernetes Common Configuration Scoring System
Purpleteam
⭐
108
CLI component of OWASP PurpleTeam
Vals Operator
⭐
105
Kubernetes Operator to sync secrets between different secret backends and Kubernetes
Awesome Containerized Security
⭐
102
A collection of tools to improve your containerized apps security posture
Sonar Secrets
⭐
95
SonarQube plugin for identifying hardcoded secrets, such as passwords, API keys, AWS credentials, etc.
Devsecopsguides.github.io
⭐
94
DevSecOpsGuides
Mixewayhub
⭐
92
Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. The MixewayHub project contains a one-click docker-compose file which configures and runs images from Docker Hub.
Blt
⭐
91
OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.
Devsecops
⭐
90
This repository contains information about DevSecOps and how to get involved in this community effort.
Dockerfile Security
⭐
88
Static security checker for Dockerfiles
Awesome Mlsecops
⭐
86
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Deeptracy
⭐
84
The Security Dependency Orchestrator Service
Django Security Check
⭐
78
Helps you continuously monitor and fix common security vulnerabilities in your Django application.
Cybersecurityroadmapsuggestions
⭐
77
This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌
Kubelight
⭐
76
OWASP Kubernetes security and compliance tool [WIP]
Purify
⭐
76
All-in-one tool for managing vulnerability reports from AppSec pipelines
Intercept
⭐
74
INTERCEPT / Policy as Code Auditing / SAST for Code & APIs
Aws Container Devsecops Workshop
⭐
73
This workshop is designed to help attendees understand the security concerns of container images and learn how to create a devsecops pipeline for securely building and releasing images.
Bridgecrew Action
⭐
72
This GitHub Action runs Bridgecrew against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
Cleanarchitecturewithdevsecops
⭐
71
This repository contains code samples related with clean software architecture and DevSecOps.
Py Gitguardian
⭐
68
Python API client library for the GitGuardian API
Havengrc
⭐
68
☁️Haven GRC - easier governance, risk, and compliance 👨⚕️👮♀️🦸♀️🕵️♀️👩🔬
Cpplumber
⭐
68
Static analysis tool based on clang, which detects source-to-binary information leaks in C and C++ projects
Devopssecuritychecklist
⭐
68
Azdevopssecurity
⭐
68
Security considerations and guidelines for Azure DevOps and Azure
Cfngoat
⭐
64
Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Github Actions Templates
⭐
61
Reusable GitHub Actions workflow examples for cloud native DevOps
Envsecrets
⭐
61
Open-source, end-to-end encrypted CLI-first management of your environment secrets.
Learning Cloud Development On Dotnet Azure Devops
⭐
60
Recommended Learning Materials for Microsoft Azure, .NET Development, Infrastructure as Code, Azure DevOps, DevSecOps, etc. by Jonah Andersson
Dotnet2019 Aspnet Core Best Practices
⭐
60
Dotnet 2019 Talk - Asp.Net Core Good Practices in 2019
Log4j Cve 2021 44228
⭐
58
Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Steampipe Postgres Fdw
⭐
57
The Steampipe foreign data wrapper (FDW) is a zero-ETL product that provides Postgres foreign tables which translate queries into API calls to cloud services and APIs. It's bundled with Steampipe and also available as a set of standalone extensions for use in your own Postgres database.
Lotus
⭐
56
⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀
Nightfall_dlp_action
⭐
55
GitHub Data Loss Prevention (DLP) Action: Scan Pull Requests for sensitive data, like credentials & secrets, PII, credit card numbers, and more.
Blog
⭐
53
I wish the world continues to be lively, I wish you and me are still you and me.
Brainiac
⭐
53
BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues.
Introspector
⭐
52
A schema and set of tools for using SQL to query cloud infrastructure.
Snyk Security Scanner Plugin
⭐
52
Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.
Tarian
⭐
52
Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.
Prisma_channel_resources
⭐
51
A collection of technical and sales resources related to Prisma Cloud Compute and Prisma Cloud Enterprise created for the PANW Channel Partner Ecosystem and other engineers working with the solution
Devops Governance
⭐
50
A CI/CD Approach & Framework for infrastructure that can be used in governance heavy organizations and is intended to give the developers as much autonomy as possible to do their work following DevOps & GitOps principles.
Awesome Devsecops_ru
⭐
50
A collection of talks and publications on DevSecOps, in Russian and beyond
Vimana Framework
⭐
50
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Dependency Track Maven Plugin
⭐
50
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Falco_extended_rules
⭐
49
Curating Falco rules with MITRE ATT&CK Matrix
Rapidast
⭐
49
RapiDAST enables simple, continuous and fully automated application security testing
Ochrona Cli
⭐
48
A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Tel It Security Automation
⭐
46
Deutsche Telekom IT GmbH (DevSecOps Team): Project for Security & Compliance Automation
Devsecops Quickstart
⭐
44
Quickly set up a ready to use development environment integrated with a multi-account CI/CD pipeline following security and DevOps best practices
Hijack Kubernetes
⭐
43
This repo includes a demo that shows how a Kubernetes cluster can be hijacked and how to prevent it using common best practices.
Sarathy
⭐
43
minikube in docker, k3s in docker, dind, low-code/no-code
Hungryfox
⭐
43
Monitoring for leaks of sensitive information in git repositories
Auditree Framework
⭐
42
The Auditree framework tool to run compliance control checks as unit tests.
Security Automation With Ansible 2
⭐
42
Ansible Playbooks for Security Automation with Ansible2 book
Mobsf Ci
⭐
42
All that is required to run MobSF in the ci
Prisma Cloud Scan
⭐
41
GitHub action to scan container images with Palo Alto Networks' Prisma Cloud
Holisticinfosec For Webdevelopers Fascicle0
⭐
40
📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚
Steampipe Sqlite
⭐
39
Steampipe SQLite is a zero-ETL engine for SQLite. Virtual tables translate queries into live API calls for cloud services and APIs. Hundreds of plugins with thousands of documented examples.
Devsecops Project
⭐
39
DevSecOps Project using Git, GitHub, Jenkins, Maven, JUnit, SonarQube, Docker, Trivy, HashiCorp Vault, AWS, Kubernetes
Iac Scan Runner
⭐
38
Service that scans your Infrastructure as Code for common vulnerabilities
Devsecops Architecture Tools
⭐
38
A collection of diagramming tools to help create DevOps/DevSecOps reference architectures
Prancer Compliance Test
⭐
37
This repository includes cloud security policies for IaC and live resources.
Action Api Scan
⭐
37
A GitHub Action for running the ZAP API scan
Faraday_plugins
⭐
36
Security tools report parsers for Faradaysec.com
Tools
⭐
36
Curated list of security tools
Gitavscan
⭐
36
Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.
Sdp Pipeline Framework
⭐
36
The Solutions Delivery Platform runtime pipeline framework
Google Cloudskillsboost
⭐
35
[WIP] This repository contains the solutions for the Google Cloud Skill Boost challenge labs
101-200 of 402 search results
Copyright 2018-2024 Awesome Open Source. All rights reserved.