Awesome Open Source

Programming Languages

Search results for security tools devsecops

security-tools x

77 search results found

Trivy ⭐ 20,160

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Gitleaks ⭐ 15,221

Protect and discover secrets using Gitleaks 🔑

Trufflehog ⭐ 13,788

Find and verify credentials

Prowler ⭐ 9,547

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

Threatmapper ⭐ 4,534

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

Terrascan ⭐ 4,500

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Secretscanner ⭐ 2,900

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

Containerssh ⭐ 2,504

ContainerSSH: Launch containers on demand

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Bearer ⭐ 1,554

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Lunasec ⭐ 1,355

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunase

Noseyparker ⭐ 1,313

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.

Cve Bin Tool ⭐ 997

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Awesome Php Security ⭐ 886

Awesome PHP Security Resources 🕶🐘🔐

Electriceye ⭐ 794

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

Kube Scan ⭐ 734

kube-scan: Octarine k8s cluster risk assessment tool

Chain Bench ⭐ 674

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

Dep Scan ⭐ 673

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

Betterscan Ce ⭐ 673

Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

Securecodebox ⭐ 667

secureCodeBox (SCB) - continuous secure delivery out of the box

Zeuscloud ⭐ 628

Open Source Cloud Security

Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Openappsec ⭐ 557

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Njsscan ⭐ 318

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Ggshield Action ⭐ 313

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps to developers.

Burp Automator - A Burp Suite Automation Tool. It provides a high level CLI and Python interfaces to Burp Suite scanner and can be used to setup Dynamic Application Security Testing (DAST).

Dastardly Github Action ⭐ 173

Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.

Nmap Formatter ⭐ 165

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put it's nmap converter.

Security Skills Career Roadmap ⭐ 156

Skills and career roadmap for various security roles like appsec, cloud security, devsecops, security engineer, security researchers, pentesting, api security, network security, mobile security and so on.with helpful resources, guidelines

Squealer ⭐ 140

Telling tales on you for leaking secrets!

Git Alerts ⭐ 128

Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

Awesome Containerized Security ⭐ 102

A collection of tools to improve your containerized apps security posture

Mixewayhub ⭐ 92

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

Deeptracy ⭐ 84

The Security Dependency Orchestrator Service

Kubelight ⭐ 76

OWASP Kubernetes security and compliance tool [WIP]

All-in-one tool for managing vulnerability reports from AppSec pipelines

Intercept ⭐ 74

INTERCEPT / Policy as Code Auditing / SAST for Code & APIs

Py Gitguardian ⭐ 68

Python API client library for the GitGuardian API

⚡ Fast Web Security Scanner written in Rust based on Lua Scripts 🌖 🦀

Brainiac ⭐ 53

BrainIAC uses static code analysis to analyze IAC code to detect security issues before deployment. This tool can scan for issues like security policy misconfigurations, insecure cloud-based services, and compliance issues.

Introspector ⭐ 52

A schema and set of tools for using SQL to query cloud infrastructure.

Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-actions, analytics, alerting and also sharing detections with community. Maybe save from Ransomware. Shift-Left your threat detection. Shift Right threat elimination.

Falco_extended_rules ⭐ 49

Curating Falco rules with MITRE ATT&CK Matrix

Ochrona Cli ⭐ 48

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

Faraday_plugins ⭐ 36

Security tools report parsers for Faradaysec.com

Curated list of security tools

Faraday_agent_dispatcher ⭐ 30

Faraday Agent Dispatcher launches any security tools and send results to Faradaysec Platform.

Cybersecurity Devsecops ⭐ 29

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about DevSecOps in Cybersecurity.

PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.

Secure Pipeline Java Demo ⭐ 28

Secusphere ⭐ 26

Efficient DevSecOps

Detect Sensitive REST API communication using Deep Neural Networks

Fortify Plugin ⭐ 23

Fortify Jenkins plugin

Actions Secrets ⭐ 22

Adding this GitHub Action will scan your repository for sensitive data in your source code. We find things like passwords, server host strings, API keys, .env and config files and more

Secobserve ⭐ 22

SecObserve is an open source vulnerability management system for software development teams that supports a variety of open source vulnerability scanners and integrates easily into CI/CD pipelines.

Securecodebox V2 ⭐ 21

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

CLI to interact with Kondukto

Pyraider ⭐ 15

Using PyRaider You can scan installed dependencies known security vulnerabilities. It uses publicly known exploits, vulnerabilities database.

Docktor is a Web App that deploys an easy-to-use kit of analysis and scanning tools.

Application security made easy

Actions Code ⭐ 11

A GitHub Action for using SecureStack to analyse a repository codebase for vulnerabilities in library dependencies (software composition analysis).

Repo Visibility Alert Action ⭐ 11

Action that alerts org owners of a repository made public. See upcoming `repo-visibility-toggle-sms-action` to toggle it back via SMS reply.

Actions Log4j ⭐ 11

A GitHub Action that scans your public web applications for log4j vulnerabilities after every deployment. Add this to your dev, staging and prod steps and SecureStack will make sure that what you've just deployed is secure and meets your requirements.

Redjoust ⭐ 11

A quick and easy to use security reconnaissance webapp tool, does OSINT, analysis and red-teaming in both passive and active mode. Written in nodeJS and Electron.

Prismacloud Demo ⭐ 10

Complete CNAPP Demo using Prisma Cloud

Contrast Continuous Application Security Plugin ⭐ 10

Jenkins Plugin from Contrast Security

Devsecops Template ⭐ 9

Set of security tools that can be integrated in Jenkins pipelines.

Webscripts ⭐ 8

This tool runs scripts and display the result in a Web Interface.

Credential Detector ⭐ 7

An easy-to-use and highly configurable tool that allows you to scan projects to detect potentially hard-coded credentials.

Swiss Army Knife SAST Toolkit

Secure Devex22 ⭐ 7

Demo repository for my talk at the Heise Developer Experience 2022 conference.

Mavendependencycheck ⭐ 5

An automation script to run OWASP Dependency-Check on multiple Maven Based projects.

A Docker Container that simplifies penetration testing

Devsecopsbuilder ⭐ 5

Automatic DevSecOps builder

Dsp Appsec Infrastructure Apps ⭐ 5

This repository hosts DSP AppSec internal infrastructure apps deployed in GKE.

Related Searches

Python Security Tools (592)

1-77 of 77 search results

Privacy | About | Terms | Follow Us On Twitter

Copyright 2018-2024 Awesome Open Source. All rights reserved.