Awesome Open Source
Search results for python devsecops
91 search results found
Prowler
⭐
9,547
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Faraday
⭐
4,422
Open Source Vulnerability Management Platform
Django Defectdojo
⭐
3,336
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Cicd Goat
⭐
1,723
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Ggshield
⭐
1,474
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Cve Bin Tool
⭐
997
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Electriceye
⭐
794
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
Sast Scan
⭐
697
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.
Packj
⭐
573
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Devsecopsguideline
⭐
567
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
Whispers
⭐
457
Identify hardcoded secrets in static structured text
Aws Security Automation
⭐
442
Collection of scripts and resources for DevSecOps and Automated Incident Response Security
Njsscan
⭐
318
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Hunter
⭐
311
As one part of ZTO's closed-loop DevSecOps solution, Hunter plays a very important role; now that it is open source, we hope it can help more
Tfquery
⭐
277
tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze their configuration using a SQL-powered framework.
Falconpy
⭐
271
The CrowdStrike Falcon SDK for Python
Threatplaybook
⭐
266
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Apicheck
⭐
254
The DevSecOps toolset for REST APIs
Hammer
⭐
234
Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
Qodana Action
⭐
232
⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle
Porch Pirate
⭐
215
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.
Burpa
⭐
177
Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
Anteater
⭐
174
Anteater - CI/CD Gate Check Framework
Gitgoat
⭐
152
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
Qodana Cli
⭐
150
🔧 JetBrains Qodana’s official command line tool
Advanced Security Compliance
⭐
121
GitHub Advanced Security Compliance Action
Dockerfile Security
⭐
88
Static security checker for Dockerfiles
Kubelight
⭐
76
OWASP Kubernetes security and compliance tool [WIP]
Aws Container Devsecops Workshop
⭐
73
This workshop is designed to help attendees understand the security concerns of container images and learn how to create a devsecops pipeline for securely building and releasing images.
Py Gitguardian
⭐
68
Python API client library for the GitGuardian API
Introspector
⭐
52
A schema and set of tools for using SQL to query cloud infrastructure.
Vimana Framework
⭐
50
Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Rapidast
⭐
49
RapiDAST enables simple, continuous and fully automated application security testing
Falco_extended_rules
⭐
49
Curating Falco rules with MITRE ATT&CK Matrix
Ochrona Cli
⭐
48
A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Auditree Framework
⭐
42
The Auditree framework tool to run compliance control checks as unit tests.
Iac Scan Runner
⭐
38
Service that scans your Infrastructure as Code for common vulnerabilities
Faraday_plugins
⭐
36
Security tools report parsers for Faradaysec.com
Aws Devsecops Factory
⭐
34
Sample DevSecOps pipelines (heavily biased on the "Sec") for various stacks and tools using open-source security tools and AWS native services
Cdkgoat
⭐
34
CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Eks Creation Engine
⭐
33
The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the CISO to facilitate the creation and enablement of secure EKS Clusters.
Caracara
⭐
32
Developer enhancements (DX) for FalconPy, the CrowdStrike Python SDK
Reapsaw
⭐
32
Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Faraday_agent_dispatcher
⭐
30
Faraday Agent Dispatcher launches any security tools and sends results to Faradaysec Platform.
Nginx Declarative Api
⭐
30
Declarative REST API and GitOps automation layer for NGINX Instance Manager
Faraday Cli
⭐
30
Faraday's Command Line Interface
Clinv
⭐
27
DevSecOps command line asset inventory tool
Offat
⭐
27
Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.
Secusphere
⭐
26
Efficient DevSecOps
Privapi
⭐
25
Detect Sensitive REST API communication using Deep Neural Networks
Apicheck
⭐
25
Perimeterator
⭐
24
'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.
Pythonsecuritypipeline
⭐
24
DevSecOps pipeline for Python based project using Jenkins, Ansible, AWS, and open-source security tools and checks.
Ai Threat Modeling Action
⭐
22
AI featured threat modeling and security review action
Secobserve
⭐
22
SecObserve is an open source vulnerability management system for software development teams that supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines.
Sbom4python
⭐
21
A tool to generate a SBOM (Software Bill of Materials) for an installed Python module
Sbomdiff
⭐
16
This tool compares two Software Bill of Materials (SBOMs) and reports the differences.
Ado Course
⭐
16
Code repository for Mastering YAML pipelines Udemy course
Pyraider
⭐
15
Using PyRaider, you can scan installed dependencies for known security vulnerabilities. It uses a database of publicly known exploits and vulnerabilities.
Cyberhall
⭐
15
🛡️ 🌐 🥷🏻 Everything CyberSecurity Related 🏴☠️ 👾 🕵🏾
Sslchecker
⭐
15
SSLChecker is a serverless API written in Python and running on Azure Functions. SSLChecker is used to identify obsolete versions of SSL/TLS (e.g., SSL 3.0, and TLS 1.0/1.1), or perform a full scan to identify all supported versions of SSL/TLS on an endpoint.
Devops Architect Bootcamp
⭐
12
DevOps Boot Camp
Sysadmin
⭐
12
the flow of time is always cruel
Sigsci_site_manager
⭐
11
Signal Sciences Site Manager
Lib4sbom
⭐
11
Library to ingest and generate SBOMs
Auditree Arboretum
⭐
11
The Auditree common fetchers, checks and harvest reports library.
Sbom2doc
⭐
10
Transform SBOM contents into a formatted document including markdown and PDF formats
Chatcve
⭐
10
ChatCVE is an app using the Langchain SQL Language Tool to give a LLM prompt experience to CVE and SBOM DevSecOps Triage Data
Ess Gitlab
⭐
10
Scanner for Gitlab Security Mis-Configurations
Silhouette
⭐
9
An Azure SPN access minimizer
Auditree Harvest
⭐
9
The Auditree data gathering and reporting tool.
Yes3
⭐
9
Whitelist intentionally-public buckets, block everything else
Recon4poor
⭐
8
Easy recon for poor people without a VPS or real computer. (Many thanks to GitHub) ❤️ D.A.O
Webscripts
⭐
8
This tool runs scripts and displays the result in a Web Interface.
Blog
⭐
7
📃 My fastpages blog.
Patronus
⭐
7
Swiss Army Knife SAST Toolkit
Veracodecommunitysca
⭐
6
Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.
Ssh Restricted
⭐
6
SSH-Restricted deploys an SSH compliance rule (AWS Config) with auto-remediation via AWS Lambda if SSH access is public.
Dongtai Openapi
⭐
6
DongTai-openapi is used to process probe registration, issue hook strategies, receive method call data/component data/error log/heartbeat data, issue vulnerability detection tasks, issue packet replay data, etc.
Owasp_zap_api_scripts
⭐
6
Preventive Security Controls In Pulumi Iac Pipeline
⭐
6
Sample code with security policies in Pulumi CrossGuard to implement preventive security checks in Infrastructure pipelines
Aws Compliancemachinedontstop
⭐
6
Proof of Value Terraform Scripts to utilize Amazon Web Services (AWS) Security, Identity & Compliance Services to Support your AWS Account Security Posture.
Automatedsecuritytesting_owaspzappythonapi
⭐
6
Automated Security testing using ZAP Python API. This can be used with any functional UI automation tool.
Aws Security Week Sf 2018
⭐
5
AWS Security Week SF - DevSecOps Lab by Dome9 - Automating CloudFormation templates validation
Auditree Plant
⭐
5
The Auditree tool for adding external evidence.
Prisma Cloud Pipeline
⭐
5
Export Prisma Cloud container findings to a CI pipeline, and identify un-triaged findings.
Mavendependencycheck
⭐
5
An automation script to run OWASP Dependency-Check on multiple Maven Based projects.
Cloudone Antimalware Python Sdk
⭐
5
Python library for the Cloud One Antimalware API.
Dongtai Core
⭐
5
Provides the Django Model class that the DongTai project depends on, the Django API abstract class of the DongTai project, the vulnerability detection engine, constants, documents, etc.
Dsp Appsec Infrastructure Apps
⭐
5
This repository hosts DSP AppSec internal infrastructure apps deployed in GKE.
Devsecopsbuilder
⭐
5
Automatic DevSecOps builder