Awesome Open Source
Search results for security tools devsecops
devsecops
security-tools
77 search results found
Trivy
⭐
20,160
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Gitleaks
⭐
15,221
Protect and discover secrets using Gitleaks 🔑
Trufflehog
⭐
13,788
Find and verify credentials
Prowler
⭐
9,547
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Threatmapper
⭐
4,534
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
Terrascan
⭐
4,500
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Secretscanner
⭐
2,900
🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓
Containerssh
⭐
2,504
ContainerSSH: Launch containers on demand
Kics
⭐
1,882
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Bearer
⭐
1,554
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Lunasec
⭐
1,355
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunase
Noseyparker
⭐
1,313
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Cve Bin Tool
⭐
997
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Awesome Php Security
⭐
886
Awesome PHP Security Resources 🕶🐘🔐
Electriceye
⭐
794
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
Kube Scan
⭐
734
kube-scan: Octarine k8s cluster risk assessment tool
Chain Bench
⭐
674
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Dep Scan
⭐
673
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Betterscan Ce
⭐
673
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
Securecodebox
⭐
667
secureCodeBox (SCB) - continuous secure delivery out of the box
Zeuscloud
⭐
628
Open Source Cloud Security
Packj
⭐
573
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Openappsec
⭐
557
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Bomber
⭐
406
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
Njsscan
⭐
318
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Ggshield Action
⭐
313
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Allero
⭐
199
By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.
Burpa
⭐
177
Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).
Dastardly Github Action
⭐
173
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
Nmap Formatter
⭐
165
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.
Security Skills Career Roadmap
⭐
156
Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, api security, network security, mobile security and so on, with helpful resources, guidelines
Squealer
⭐
140
Telling tales on you for leaking secrets!
Git Alerts
⭐
128
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
Awesome Containerized Security
⭐
102
A collection of tools to improve your containerized apps security posture
Mixewayhub
⭐
92
Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CICD pipelines. The MixewayHub project contains a one-click docker-compose file which configures and runs images from Docker Hub.
Deeptracy
⭐
84
The Security Dependency Orchestrator Service
Kubelight
⭐
76
OWASP Kubernetes security and compliance tool [WIP]
Purify
⭐
76
All-in-one tool for managing vulnerability reports from AppSec pipelines
Intercept
⭐
74
INTERCEPT / Policy as Code Auditing / SAST for Code & APIs
Py Gitguardian
⭐
68
Python API client library for the GitGuardian API
Lotus
⭐
56
⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀
Brainiac
⭐
53
BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues.
Introspector
⭐
52
A schema and set of tools for using SQL to query cloud infrastructure.
Tarian
⭐
52
Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.
Falco_extended_rules
⭐
49
Curating Falco rules with MITRE ATT&CK Matrix
Ochrona Cli
⭐
48
A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Faraday_plugins
⭐
36
Security tools report parsers for Faradaysec.com
Tools
⭐
36
Curated list of security tools
Faraday_agent_dispatcher
⭐
30
Faraday Agent Dispatcher launches any security tools and sends results to Faradaysec Platform.
Cybersecurity Devsecops
⭐
29
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about DevSecOps in Cybersecurity.
Pwn
⭐
28
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Secure Pipeline Java Demo
⭐
28
Secusphere
⭐
26
Efficient DevSecOps
Privapi
⭐
25
Detect Sensitive REST API communication using Deep Neural Networks
Fortify Plugin
⭐
23
Fortify Jenkins plugin
Actions Secrets
⭐
22
Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more
Secobserve
⭐
22
SecObserve is an open source vulnerability management system for software development teams that supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines.
Securecodebox V2
⭐
21
This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Kdt
⭐
18
CLI to interact with Kondukto
Pyraider
⭐
15
Using PyRaider, you can scan installed dependencies for known security vulnerabilities. It uses a publicly known exploits and vulnerabilities database.
Docktor
⭐
12
Docktor is a Web App that deploys an easy-to-use kit of analysis and scanning tools.
Secr
⭐
12
Application security made easy
Actions Code
⭐
11
A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).
Repo Visibility Alert Action
⭐
11
Action that alerts org owners of a repository made public. See upcoming `repo-visibility-toggle-sms-action` to toggle it back via SMS reply.
Actions Log4j
⭐
11
A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.
Redjoust
⭐
11
A quick and easy to use security reconnaissance webapp tool, does OSINT, analysis and red-teaming in both passive and active mode. Written in nodeJS and Electron.
Prismacloud Demo
⭐
10
Complete CNAPP Demo using Prisma Cloud
Contrast Continuous Application Security Plugin
⭐
10
Jenkins Plugin from Contrast Security
Devsecops Template
⭐
9
Set of security tools that can be integrated in Jenkins pipelines.
Webscripts
⭐
8
This tool runs scripts and displays the result in a Web Interface.
Credential Detector
⭐
7
An easy-to-use and highly configurable tool that allows you to scan projects to detect potentially hard-coded credentials.
Patronus
⭐
7
Swiss Army Knife SAST Toolkit
Secure Devex22
⭐
7
Demo repository for my talk at the Heise Developer Experience 2022 conference.
Mavendependencycheck
⭐
5
An automation script to run OWASP Dependency-Check on multiple Maven Based projects.
Orionops
⭐
5
A Docker Container that simplifies penetration testing
Devsecopsbuilder
⭐
5
Automatic DevSecOps builder
Dsp Appsec Infrastructure Apps
⭐
5
This repository hosts DSP AppSec internal infrastructure apps deployed in GKE.