Awesome Open Source

Programming Languages

Search results for security devsecops

218 search results found

Trivy ⭐ 20,160

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Gitleaks ⭐ 15,221

Protect and discover secrets using Gitleaks 🔑

Trufflehog ⭐ 13,788

Find and verify credentials

Prowler ⭐ 9,534

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

Netmaker ⭐ 8,629

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Tfsec ⭐ 6,548

Security scanner for your Terraform code

Steampipe ⭐ 6,061

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Firezone ⭐ 5,867

WireGuard®-based zero trust access platform that supports OIDC authentication, 2FA, user/group sync, and requires zero firewall configuration.

Devsecops ⭐ 5,090

Ultimate DevSecOps library

Terrascan ⭐ 4,500

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Faraday ⭐ 4,422

Open Source Vulnerability Management Platform

Awesome Devsecops ⭐ 4,175

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

Kubernetes Goat ⭐ 3,694

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Bunkerweb ⭐ 3,410

🛡️ Make your web services secure by default !

Django Defectdojo ⭐ 3,336

DevSecOps, ASPM, Vulnerability Management. All on one platform.

Dalfox ⭐ 3,047

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Secretscanner ⭐ 2,900

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

Openrasp ⭐ 2,638

🔥Open source RASP solution

Containerssh ⭐ 2,504

ContainerSSH: Launch containers on demand

Nodejsscan ⭐ 2,275

nodejsscan is a static security code scanner for Node.js applications.

Dependency Track ⭐ 2,119

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Cicd Goat ⭐ 1,723

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Devsecops Playbook ⭐ 1,713

This is a step-by-step guide to implementing a DevSecOps program for any size organization

Bearer ⭐ 1,554

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Ggshield ⭐ 1,474

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

Devsecops ⭐ 1,451

♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

Container Security Checklist ⭐ 1,428

Checklist for container security - devsecops practices

Collection Document ⭐ 1,416

Collection of quality safety articles. Awesome articles.

Lunasec ⭐ 1,355

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunase

Noseyparker ⭐ 1,313

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.

Awesome Threat Modelling ⭐ 1,148

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Awesome Devsecops ⭐ 1,128

Curating the best DevSecOps resources and tooling.

Wrongsecrets ⭐ 1,107

Vulnerable app with examples showing how to not use secrets

Cve Bin Tool ⭐ 997

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Opensca Cli ⭐ 964

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Cmsscan ⭐ 922

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Awesome Php Security ⭐ 886

Awesome PHP Security Resources 🕶🐘🔐

Electriceye ⭐ 794

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

Kube Scan ⭐ 734

kube-scan: Octarine k8s cluster risk assessment tool

Legitify ⭐ 689

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

Copacetic ⭐ 679

🧵 CLI tool for directly patching container images using reports from vulnerability scanners

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

Chain Bench ⭐ 674

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Securecodebox ⭐ 667

secureCodeBox (SCB) - continuous secure delivery out of the box

Awesome Cybersecurity Blueteam Cn ⭐ 659

网络安全 · 攻防对抗 · 蓝队清单，中文版

Zeuscloud ⭐ 628

Open Source Cloud Security

Trivy Action ⭐ 613

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Devsecopsguideline ⭐ 567

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

Threagile ⭐ 524

Agile Threat Modeling Toolkit

Application Security Automation

Whispers ⭐ 457

Identify hardcoded secrets in static structured text

Attack surface detector that identifies endpoints by static analysis

Aws Security Automation ⭐ 442

Collection of scripts and resources for DevSecOps and Automated Incident Response Security

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Github Actions Goat ⭐ 369

GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

Reconmap ⭐ 368

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Bootcamp ⭐ 362

A open contribute bootcamp to develop DevSecOps skills...

Lightweight static analyzer for several programming languages

Pycharm Security ⭐ 321

Finds security holes in your Python projects from PyCharm and GitHub

Njsscan ⭐ 318

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Hunter作为中通DevSecOps闭环方案中的一环，扮演着很重要的角色，开源之后希望能帮助到更多

Kubernetes Security Checklist ⭐ 304

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

🦉🔎 A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration

Action Baseline ⭐ 280

A GitHub Action for running the ZAP Baseline scan

Falconpy ⭐ 271

The CrowdStrike Falcon SDK for Python

Lzone Cheat Sheets ⭐ 268

A collection of SRE / DevOps / system architecture cheat sheets hosted on https://lzone.de

Threatplaybook ⭐ 266

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

Sbt Dependency Check ⭐ 259

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Apicheck ⭐ 254

The DevSecOps toolset for REST APIs

Chopchop ⭐ 245

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

Action Full Scan ⭐ 237

A GitHub Action for running the ZAP Full scan

Chainloop ⭐ 225

Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process.

Awesome Devsecops Russia ⭐ 221

Awesome DevSecOps на русском языке

Porch Pirate ⭐ 215

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.

Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.

Allinfosecnews_sources ⭐ 212

A list of online news & info sources in the InfoSec/Cybersecurity space

Aws Firewall Factory ⭐ 205

Easily improve the security of your web applications with aws firewall factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with Firewall Manager.

By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.

Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.

Checkov Action ⭐ 188

This GitHub Action runs Checkov against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

Application Security Engineer Interview Questions ⭐ 174

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Docker Security Images ⭐ 173

🔐 Docker Container for Penetration Testing & Security

Patches ⭐ 168

A centralized repository of standalone security patches for open source libraries.

Nmap Formatter ⭐ 165

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.

Riskassessmentframework ⭐ 161

The Secure Coding Framework

Securitydemos ⭐ 161

Security Skills Career Roadmap ⭐ 156

Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, api security, network security, mobile security and so on.with helpful resources, guidelines

Tool to achieve policy driven vetting of open source dependencies

Preflight ⭐ 141

preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.

Squealer ⭐ 140

Telling tales on you for leaking secrets!

Sonarqube Action ⭐ 131

Integrate SonarQube scanner to GitHub Actions

Git Alerts ⭐ 128

Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

Advanced Security Compliance ⭐ 121

GitHub Advance Security Compliance Action

The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines

Kubernetes Common Configuration Scoring System

Vals Operator ⭐ 105

Kubernetes Operator to sync secrets between different secret backends and Kubernetes

Devsecops ⭐ 90

This repository contains information about DevSecOps and how to get involved in this community effort.

Related Searches

Security Vulnerabilities (12,295)

Laravel Security (11,580)

Php Security (10,611)

Javascript Security (2,859)

Java Security (2,531)

Html Security (2,284)

Python Security (1,733)

Golang Security (1,316)

Shell Security (1,213)

Security Penetration Testing (920)

1-100 of 218 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.