Awesome Open Source
Search results for security tools devsecops
devsecops
security-tools
71 search results found
Trivy
⭐
20,160
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Gitleaks
⭐
19,337
Find secrets with Gitleaks 🔑
Trufflehog
⭐
18,680
Find, verify, and analyze leaked credentials
Terrascan
⭐
4,863
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Threatmapper
⭐
4,534
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
Secretscanner
⭐
2,900
🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
Containerssh
⭐
2,576
ContainerSSH: Launch containers on demand
Kics
⭐
2,153
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Bearer
⭐
2,102
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Lunasec
⭐
1,355
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunase
Noseyparker
⭐
1,313
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Dep Scan
⭐
1,092
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Cve Bin Tool
⭐
997
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Awesome Php Security
⭐
886
Awesome PHP Security Resources 🕶🐘🔐
Electriceye
⭐
794
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
Kube Scan
⭐
734
kube-scan: Octarine k8s cluster risk assessment tool
Chain Bench
⭐
674
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Securecodebox
⭐
667
secureCodeBox (SCB) - continuous secure delivery out of the box
Zeuscloud
⭐
628
Open Source Cloud Security
Packj
⭐
573
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Bomber
⭐
406
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Ggshield Action
⭐
313
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Allero
⭐
199
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
Burpa
⭐
177
Burp Automator - A Burp Suite Automation Tool. It provides high-level CLI and Python interfaces to the Burp Suite scanner and can be used to set up Dynamic Application Security Testing (DAST).
Dastardly Github Action
⭐
173
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Security Skills Career Roadmap
⭐
156
Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, API security, network security, mobile security and so on, with helpful resources and guidelines.
Squealer
⭐
140
Telling tales on you for leaking secrets!
Git Alerts
⭐
128
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
Awesome Containerized Security
⭐
102
A collection of tools to improve your containerized apps security posture
Mixewayhub
⭐
92
Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. The MixewayHub project contains a one-click docker-compose file which configures and runs images from Docker Hub.
Deeptracy
⭐
84
The Security Dependency Orchestrator Service
Purify
⭐
76
All-in-one tool for managing vulnerability reports from AppSec pipelines
Kubelight
⭐
76
OWASP Kubernetes security and compliance tool [WIP]
Intercept
⭐
74
INTERCEPT / Policy as Code Auditing / SAST for Code & APIs
Py Gitguardian
⭐
68
Python API client library for the GitGuardian API
Lotus
⭐
56
⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀
Brainiac
⭐
53
BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues.
Tarian
⭐
52
Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.
Introspector
⭐
52
A schema and set of tools for using SQL to query cloud infrastructure.
Falco_extended_rules
⭐
49
Curating Falco rules with MITRE ATT&CK Matrix
Ochrona Cli
⭐
48
A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Tools
⭐
36
Curated list of security tools
Faraday_plugins
⭐
36
Security tools report parsers for Faradaysec.com
Cybersecurity Devsecops
⭐
29
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about DevSecOps in Cybersecurity.
Secure Pipeline Java Demo
⭐
28
Pwn
⭐
28
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Secusphere
⭐
26
Efficient DevSecOps
Privapi
⭐
25
Detect Sensitive REST API communication using Deep Neural Networks
Fortify Plugin
⭐
23
Fortify Jenkins plugin
Actions Secrets
⭐
22
Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more
Secobserve
⭐
22
SecObserve is an open source vulnerability management system for software development teams that supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines.
Securecodebox V2
⭐
21
This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Kdt
⭐
18
CLI to interact with Kondukto
Pyraider
⭐
15
Using PyRaider, you can scan installed dependencies for known security vulnerabilities. It uses a database of publicly known exploits and vulnerabilities.
Docktor
⭐
12
Docktor is a Web App that deploys an easy-to-use kit of analysis and scanning tools.
Secr
⭐
12
Application security made easy
Actions Code
⭐
11
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
Redjoust
⭐
11
A quick and easy to use security reconnaissance webapp tool, does OSINT, analysis and red-teaming in both passive and active mode. Written in nodeJS and Electron.
Actions Log4j
⭐
11
A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
Prismacloud Demo
⭐
10
Complete CNAPP Demo using Prisma Cloud
Contrast Continuous Application Security Plugin
⭐
10
Jenkins Plugin from Contrast Security
Devsecops Template
⭐
9
Set of security tools that can be integrated in Jenkins pipelines.
Webscripts
⭐
8
This tool runs scripts and displays the result in a web interface.
Patronus
⭐
7
Swiss Army Knife SAST Toolkit
Credential Detector
⭐
7
An easy-to-use and highly configurable tool that allows you to scan projects to detect potentially hard-coded credentials.
Secure Devex22
⭐
7
Demo repository for my talk at the Heise Developer Experience 2022 conference.
Dsp Appsec Infrastructure Apps
⭐
5
This repository hosts DSP AppSec internal infrastructure apps deployed in GKE.
Orionops
⭐
5
A Docker Container that simplifies penetration testing
Devsecopsbuilder
⭐
5
Automatic DevSecOps builder
Mavendependencycheck
⭐
5
An automation script to run OWASP Dependency-Check on multiple Maven Based projects.
Copyright 2018-2025 Awesome Open Source. All rights reserved.