nmap-formatterA tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (+108.06%)
introspectorA schema and set of tools for using SQL to query cloud infrastructure.
Stars: ✭ 61 (-1.61%)
perimeterator'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.
Stars: ✭ 59 (-4.84%)
privapiDetect Sensitive REST API communication using Deep Neural Networks
Stars: ✭ 42 (-32.26%)
lunasecLunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+1933.87%)
dep-scanFully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+458.06%)
kdtCLI to interact with Kondukto
Stars: ✭ 18 (-70.97%)
ggshield-actionGitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 304 (+390.32%)
DevSecOpsUltimate DevSecOps library
Stars: ✭ 4,450 (+7077.42%)
ggshieldFind and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+1951.61%)
prowlerProwler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+12877.42%)
Gg Shield ActionGitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 248 (+300%)
Sast ScanScan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Stars: ✭ 234 (+277.42%)
ChopchopChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
Stars: ✭ 227 (+266.13%)
Awesome DevsecopsAn authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Stars: ✭ 2,805 (+4424.19%)
WhispersIdentify hardcoded secrets and dangerous behaviours
Stars: ✭ 66 (+6.45%)
ContainersshContainerSSH: Launch containers on demand
Stars: ✭ 195 (+214.52%)
CheckovPrevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+5661.29%)
Awesome DevsecopsCurating the best DevSecOps resources and tooling.
Stars: ✭ 188 (+203.23%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+201.61%)
ApicheckThe DevSecOps toolset for REST APIs
Stars: ✭ 184 (+196.77%)
ThreatplaybookA unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Stars: ✭ 173 (+179.03%)
Devsecops🔱 Collection and Roadmap for everyone who wants DevSecOps.
Stars: ✭ 171 (+175.81%)
ThreagileAgile Threat Modeling Toolkit
Stars: ✭ 162 (+161.29%)
Openrasp🔥Open source RASP solution
Stars: ✭ 2,036 (+3183.87%)
Nodejsscannodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+2922.58%)
ArcherysecCentralize Vulnerability Assessment and Management for DevSecOps Team
Stars: ✭ 1,802 (+2806.45%)
Django DefectdojoDefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+3006.45%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (+106.45%)
TerrascanDetect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+4233.87%)
KccssKubernetes Common Configuration Scoring System
Stars: ✭ 111 (+79.03%)
DevsecopsThis repository contains information about DevSecOps and how to get involved in this community effort.
Stars: ✭ 103 (+66.13%)
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+16370.97%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (+16.13%)
TfsecSecurity scanner for your Terraform code
Stars: ✭ 3,622 (+5741.94%)
Bunkerized Nginx🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+3708.06%)