
Top 102 devsecops open source projects

Gg Shield Action
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Sast Scan
Scan is a free and open source DevSecOps tool for performing static-analysis-based security testing of your applications and their dependencies. CI and Git friendly.
Chopchop
ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.
Awesome Devsecops
An authoritative list of awesome devsecops tools, built with help from community experiments and contributions.
Riskassessmentframework
The Secure Coding Framework
Checkov
Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code languages with Checkov by Bridgecrew.
Awesome Devsecops
Curating the best DevSecOps resources and tooling.
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Apicheck
The DevSecOps toolset for REST APIs
Threatplaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Devsecops
🔱 Collection and Roadmap for everyone who wants DevSecOps.
Openrasp
🔥Open source RASP solution
Awesome Devsecops Russia
Awesome DevSecOps in Russian
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Kccss
Kubernetes Common Configuration Scoring System
Devsecops
This repository contains information about DevSecOps and how to get involved in this community effort.
Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Awesome Devsecops ru
A collection of talks and publications on DevSecOps, in Russian and beyond
Reapsaw
Reapsaw is a continuous security DevSecOps tool that helps integrate security into the CI/CD pipeline. It supports coverage for multiple programming languages.
Kubernetes Goat
Kubernetes Goat is a "Vulnerable by Design" Kubernetes cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Cmsscan
CMS Scanner: Scan WordPress, Drupal, Joomla, vBulletin websites for security issues
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Gg Shield
Detect secrets in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Terragoat
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Glue
Application Security Automation
Hammer
Dow Jones Hammer: Protect the cloud with the power of the cloud (AWS)
Awesome Threat Modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
Hunter
Hunter plays an important role as one part of ZTO's closed-loop DevSecOps solution; by open-sourcing it, we hope it can help more companies.
Faraday
Faraday introduces a new concept, IPE (Integrated Penetration-Test Environment): a multiuser penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Application Security Engineer Interview Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list, but I felt these questions were important to be asked and some were challenging to answer.
Openrasp Iast
IAST gray-box scanning tool
Prowler
Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
django-security-check
Helps you continuously monitor and fix common security vulnerabilities in your Django application.
big-bang
Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
GDPRDPIAT
A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺
aws-pipeline
Build a CI/CD for Microservices and Serverless Functions in AWS ☁️
dependency-track-maven-plugin
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
snyk-security-scanner-plugin
Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.
makes
A DevSecOps framework powered by Nix.
1-60 of 102 devsecops projects