Awesome Open Source
Search results for security devsecops
218 search results found
Trivy
⭐
20,160
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Gitleaks
⭐
15,221
Protect and discover secrets using Gitleaks 🔑
Trufflehog
⭐
13,788
Find and verify credentials
Prowler
⭐
9,534
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Netmaker
⭐
8,629
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Tfsec
⭐
6,548
Security scanner for your Terraform code
Steampipe
⭐
6,061
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Firezone
⭐
5,867
WireGuard®-based zero trust access platform that supports OIDC authentication, 2FA, user/group sync, and requires zero firewall configuration.
Devsecops
⭐
5,090
Ultimate DevSecOps library
Terrascan
⭐
4,500
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Faraday
⭐
4,422
Open Source Vulnerability Management Platform
Awesome Devsecops
⭐
4,175
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Kubernetes Goat
⭐
3,694
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Bunkerweb
⭐
3,410
🛡️ Make your web services secure by default !
Django Defectdojo
⭐
3,336
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Dalfox
⭐
3,047
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Secretscanner
⭐
2,900
🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
Openrasp
⭐
2,638
🔥Open source RASP solution
Containerssh
⭐
2,504
ContainerSSH: Launch containers on demand
Nodejsscan
⭐
2,275
nodejsscan is a static security code scanner for Node.js applications.
Dependency Track
⭐
2,119
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Kics
⭐
1,882
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Cicd Goat
⭐
1,723
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Devsecops Playbook
⭐
1,713
This is a step-by-step guide to implementing a DevSecOps program for any size organization
Bearer
⭐
1,554
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Ggshield
⭐
1,474
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Devsecops
⭐
1,451
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Container Security Checklist
⭐
1,428
Checklist for container security - devsecops practices
Collection Document
⭐
1,416
Collection of quality safety articles. Awesome articles.
Lunasec
⭐
1,355
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunase
Noseyparker
⭐
1,313
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Awesome Threat Modelling
⭐
1,148
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Awesome Devsecops
⭐
1,128
Curating the best DevSecOps resources and tooling.
Wrongsecrets
⭐
1,107
Vulnerable app with examples showing how to not use secrets
Cve Bin Tool
⭐
997
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Opensca Cli
⭐
964
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Cmsscan
⭐
922
CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Awesome Php Security
⭐
886
Awesome PHP Security Resources 🕶🐘🔐
Electriceye
⭐
794
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
Kube Scan
⭐
734
kube-scan: Octarine k8s cluster risk assessment tool
Legitify
⭐
689
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Copacetic
⭐
679
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
Akto
⭐
676
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Chain Bench
⭐
674
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Securecodebox
⭐
667
secureCodeBox (SCB) - continuous secure delivery out of the box
Awesome Cybersecurity Blueteam Cn
⭐
659
Cybersecurity · Attack and Defense · Blue Team List, Chinese Edition
Zeuscloud
⭐
628
Open Source Cloud Security
Trivy Action
⭐
613
Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Packj
⭐
573
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Devsecopsguideline
⭐
567
The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.
Threagile
⭐
524
Agile Threat Modeling Toolkit
Glue
⭐
497
Application Security Automation
Whispers
⭐
457
Identify hardcoded secrets in static structured text
Noir
⭐
457
Attack surface detector that identifies endpoints by static analysis
Aws Security Automation
⭐
442
Collection of scripts and resources for DevSecOps and Automated Incident Response Security
Bomber
⭐
406
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Github Actions Goat
⭐
369
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
Reconmap
⭐
368
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Bootcamp
⭐
362
An open contribution bootcamp to develop DevSecOps skills...
Shisho
⭐
358
Lightweight static analyzer for several programming languages
Pycharm Security
⭐
321
Finds security holes in your Python projects from PyCharm and GitHub
Njsscan
⭐
318
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Hunter
⭐
311
Hunter plays a very important role as one link in ZTO's closed-loop DevSecOps solution; we hope that after being open-sourced it can help more
Kubernetes Security Checklist
⭐
304
Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)
Yatas
⭐
299
🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
Action Baseline
⭐
280
A GitHub Action for running the ZAP Baseline scan
Falconpy
⭐
271
The CrowdStrike Falcon SDK for Python
Lzone Cheat Sheets
⭐
268
A collection of SRE / DevOps / system architecture cheat sheets hosted on https://lzone.de
Threatplaybook
⭐
266
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Sbt Dependency Check
⭐
259
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Apicheck
⭐
254
The DevSecOps toolset for REST APIs
Chopchop
⭐
245
ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
Action Full Scan
⭐
237
A GitHub Action for running the ZAP Full scan
Chainloop
⭐
225
Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.
Awesome Devsecops Russia
⭐
221
Awesome DevSecOps in Russian
Porch Pirate
⭐
215
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.
Casr
⭐
214
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
Allinfosecnews_sources
⭐
212
A list of online news & info sources in the InfoSec/Cybersecurity space
Aws Firewall Factory
⭐
205
Easily improve the security of your web applications with aws firewall factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with Firewall Manager.
Allero
⭐
199
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
Postee
⭐
194
Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Checkov Action
⭐
188
This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
Burpa
⭐
177
Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
Application Security Engineer Interview Questions
⭐
174
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer
Docker Security Images
⭐
173
🔐 Docker Container for Penetration Testing & Security
Patches
⭐
168
A centralized repository of standalone security patches for open source libraries.
Nmap Formatter
⭐
165
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.
Riskassessmentframework
⭐
161
The Secure Coding Framework
Securitydemos
⭐
161
Security Skills Career Roadmap
⭐
156
Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, api security, network security, mobile security and so on, with helpful resources and guidelines
Vet
⭐
144
Tool to achieve policy driven vetting of open source dependencies
Preflight
⭐
141
preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.
Squealer
⭐
140
Telling tales on you for leaking secrets!
Sonarqube Action
⭐
131
Integrate SonarQube scanner to GitHub Actions
Git Alerts
⭐
128
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
Advanced Security Compliance
⭐
121
GitHub Advanced Security Compliance Action
Saf
⭐
118
The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines
Kccss
⭐
111
Kubernetes Common Configuration Scoring System
Vals Operator
⭐
105
Kubernetes Operator to sync secrets between different secret backends and Kubernetes
Devsecops
⭐
90
This repository contains information about DevSecOps and how to get involved in this community effort.
1-100 of 218 search results