Awesome Open Source
Search results for devsecops
402 search results found
Trivy
⭐
20,160
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Mobile Security Framework Mobsf
⭐
16,123
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Gitleaks
⭐
15,604
Protect and discover secrets using Gitleaks 🔑
Trufflehog
⭐
14,156
Find and verify secrets
Prowler
⭐
9,711
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Netmaker
⭐
8,629
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Scanners Box
⭐
8,001
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed by security industry practitioners
Tfsec
⭐
6,594
Security scanner for your Terraform code
Steampipe
⭐
6,061
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Firezone
⭐
5,867
WireGuard®-based zero trust access platform that supports OIDC authentication, 2FA, user/group sync, and requires zero firewall configuration.
Devsecops
⭐
5,090
Ultimate DevSecOps library
Terrascan
⭐
4,571
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Threatmapper
⭐
4,534
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
Faraday
⭐
4,422
Open Source Vulnerability Management Platform
Awesome Devsecops
⭐
4,175
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Kubernetes Goat
⭐
3,694
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Django Defectdojo
⭐
3,433
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Bunkerweb
⭐
3,410
🛡️ Make your web services secure by default!
Dalfox
⭐
3,047
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Secretscanner
⭐
2,900
🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
Openrasp
⭐
2,638
🔥Open source RASP solution
Containerssh
⭐
2,576
ContainerSSH: Launch containers on demand
Nodejsscan
⭐
2,275
nodejsscan is a static security code scanner for Node.js applications.
Archerysec
⭐
2,162
Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
Dependency Track
⭐
2,119
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Kics
⭐
1,882
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Cicd Goat
⭐
1,723
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Devsecops Playbook
⭐
1,713
This is a step-by-step guide to implementing a DevSecOps program for any size organization
Bearer
⭐
1,554
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Ggshield
⭐
1,535
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Devsecops
⭐
1,451
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Container Security Checklist
⭐
1,428
Checklist for container security - devsecops practices
Collection Document
⭐
1,416
Collection of quality safety articles. Awesome articles.
Lunasec
⭐
1,355
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunase
Noseyparker
⭐
1,313
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Yarahunter
⭐
1,225
🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
Wrongsecrets
⭐
1,168
Vulnerable app with examples showing how to not use secrets
Cloud Devops Learning Resources
⭐
1,153
This repo includes books and important notes related to GCP, Azure, AWS, Docker, K8s, and DevOps, plus exam and interview prep notes.
Codeql
⭐
1,152
"Understanding CodeQL in Depth": Finding vulnerabilities with CodeQL.
Awesome Threat Modelling
⭐
1,148
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Awesome Devsecops
⭐
1,128
Curating the best DevSecOps resources and tooling.
Terragoat
⭐
1,071
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Awesome Cloudnative Trainings
⭐
1,009
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Cve Bin Tool
⭐
997
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Opensca Cli
⭐
964
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Cmsscan
⭐
940
CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Dep Scan
⭐
916
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Awesome Php Security
⭐
886
Awesome PHP Security Resources 🕶🐘🔐
Electriceye
⭐
794
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
Kube Scan
⭐
734
kube-scan: Octarine k8s cluster risk assessment tool
Sast Scan
⭐
697
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Legitify
⭐
689
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Copacetic
⭐
679
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
Akto
⭐
676
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Chain Bench
⭐
674
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Betterscan Ce
⭐
673
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
Securecodebox
⭐
667
secureCodeBox (SCB) - continuous secure delivery out of the box
Awesome Cybersecurity Blueteam Cn
⭐
659
Cybersecurity · Attack and Defense · Blue Team List, Chinese edition
Dongtai Agent Java
⭐
649
Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
Zeuscloud
⭐
628
Open Source Cloud Security
Trivy Action
⭐
613
Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Packj
⭐
573
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Devsecopsguideline
⭐
567
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
Openappsec
⭐
557
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Applications & APIs. This repo includes the main code and logic.
Threagile
⭐
524
Agile Threat Modeling Toolkit
Glue
⭐
497
Application Security Automation
Practicalcybersecurityresources
⭐
471
This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝
Whispers
⭐
457
Identify hardcoded secrets in static structured text
Noir
⭐
457
Attack surface detector that identifies endpoints by static analysis
Privado
⭐
454
Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.
Aws Security Automation
⭐
442
Collection of scripts and resources for DevSecOps and Automated Incident Response Security
Bomber
⭐
406
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Makes
⭐
377
A software supply chain framework powered by Nix.
Github Actions Goat
⭐
369
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
Reconmap
⭐
368
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Bootcamp
⭐
362
An open-contribution bootcamp to develop DevSecOps skills...
Shisho
⭐
358
Lightweight static analyzer for several programming languages
Netassert
⭐
357
Network security testing for Kubernetes DevSecOps workflows
Dynamic Devops Roadmap
⭐
351
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Amazon Ecs Mythicalmysfits Workshop
⭐
327
A tutorial for developers who want to learn how to containerize applications on top of AWS using AWS Fargate. You will build a sample website that leverages infrastructure as code, containers, CI/CD, and more! If you're planning on running this, let us know @ [email protected]. At re:Invent 2018, these sessions were run as CON214/CON321/CON322.
Pycharm Security
⭐
321
Finds security holes in your Python projects from PyCharm and GitHub
Njsscan
⭐
318
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Ggshield Action
⭐
313
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Hunter
⭐
311
Hunter plays an important role as one part of ZTO's closed-loop DevSecOps solution; now that it is open source, we hope it can help more
Spring Boot Microservice Best Practices
⭐
306
Best practices and integrations available for Spring Boot based Microservice in a single repository.
Kubernetes Security Checklist
⭐
304
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
Yatas
⭐
299
🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
Action Baseline
⭐
280
A GitHub Action for running the ZAP Baseline scan
Tfquery
⭐
277
tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
Falconpy
⭐
271
The CrowdStrike Falcon SDK for Python
Lzone Cheat Sheets
⭐
268
A collection of SRE / DevOps / system architecture cheat sheets hosted on https://lzone.de
Threatplaybook
⭐
266
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Sbt Dependency Check
⭐
259
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Apicheck
⭐
254
The DevSecOps toolset for REST APIs
Chopchop
⭐
245
ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.
Action Full Scan
⭐
237
A GitHub Action for running the ZAP Full scan
Hammer
⭐
234
Dow Jones Hammer: Protect the cloud with the power of the cloud (AWS)
Qodana Action
⭐
232
⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
Security Interview Questions
⭐
230
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
Chainloop
⭐
225
Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.
1-100 of 402 search results