101 Open source projects that are alternatives of or similar to Awesome Devsecops_ru

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

This repository includes cloud security policies for IaC and live resources.

Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.

GitHub Advance Security Compliance Action

tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Protect and discover secrets using Gitleaks 🔑

Application Security Automation

Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.

Build a CI/CD for Microservices and Serverless Functions in AWS ☁️

Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

Hunter作为中通DevSecOps闭环方案中的一环，扮演着很重要的角色，开源之后希望能帮助到更多企业。

Vulnerability assessment and penetration testing automation and reporting platform for teams.

kube-scan: Octarine k8s cluster risk assessment tool

GitHub Data Loss Prevention (DLP) Action: Scan Pull Requests for sensitive data, like credentials & secrets, PII, credit card numbers, and more.

IAST 灰盒扫描工具

🤖 Run a Mayhem for API scan in GitHub Actions

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

An open source, multi-cloud DevSecOps compliance checker

⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana

La intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps …

Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

Best practices and integrations available for Spring Boot based Microservice in a single repository.

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

Awesome PHP Security Resources 🕶🐘🔐

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

secureCodeBox (SCB) - continuous secure delivery out of the box

Integrate SonarQube scanner to GitHub Actions

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Improve your code security by running different security checks/validation in a simple way.

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Helps you continuously monitor and fix common security vulnerabilities in your Django application.

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

All that is required to run MobSF in the ci

Внедрение и эксплуатация PT Application Inspector. Подробнее: https://habr.com/ru/company/pt/blog/557142/

Identify vulnerabilities in running containers, images, hosts and repositories

Checklist for container security - devsecops practices

A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

Knowledge seeks no man

A DevSecOps framework powered by Nix.