dep-scan: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+1721.05%)
prowler: Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+42247.37%)
Checkov: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+18700%)
havengrc: ☁️Haven GRC - easier governance, risk, and compliance 👨⚕️👮♀️🦸♀️🕵️♀️👩🔬
Stars: ✭ 83 (+336.84%)
lunasec: LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+6536.84%)
intercept: INTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (+184.21%)
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+23905.26%)
Tfsec: Security scanner for your Terraform code
Stars: ✭ 3,622 (+18963.16%)
guardian: Guardian is a tool for extensible and universal data access with automated access workflows and security controls across data stores, analytical systems, and cloud products.
Stars: ✭ 127 (+568.42%)
privapi: Detect Sensitive REST API communication using Deep Neural Networks
Stars: ✭ 42 (+121.05%)
link-verifier: A tool for verifying links in text-based files
Stars: ✭ 26 (+36.84%)
PwnChecker: Multi tool checker account validator 2020
Stars: ✭ 30 (+57.89%)
Discord-Token-Checker: 🔥Fastest Parallel Request Double-Check Discord Token Checker🔥 Parse discord tokens from any file and directory.
Stars: ✭ 36 (+89.47%)
vimana-framework: Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (+147.37%)
cis benchmarks audit: Simple command line tool to check for compliance against CIS Benchmarks
Stars: ✭ 182 (+857.89%)
gitavscan: Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.
Stars: ✭ 23 (+21.05%)
DongTai-agent-java: Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
Stars: ✭ 592 (+3015.79%)
nagios check: Ruby Nagios Check Integration
Stars: ✭ 13 (-31.58%)
YANG: 🔥 The most efficient, open-source, and unlimited discord nitro generator & checker. 🚀
Stars: ✭ 215 (+1031.58%)
DevSecOps: Ultimate DevSecOps library
Stars: ✭ 4,450 (+23321.05%)
node-lintspaces: A validator for checking different kinds of whitespaces in your files.
Stars: ✭ 31 (+63.16%)
introspector: A schema and set of tools for using SQL to query cloud infrastructure.
Stars: ✭ 61 (+221.05%)
ticket-check-action: Verify that pull request titles start with a ticket ID
Stars: ✭ 29 (+52.63%)
perimeterator: 'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.
Stars: ✭ 59 (+210.53%)
postee: Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Stars: ✭ 160 (+742.11%)
wazuh-packages: Wazuh - Tools for packages creation
Stars: ✭ 54 (+184.21%)
health-check: Health Check is an application that provides an API to check the health health_check of some parts and some utilities like ping requests. This application can work as standalone or included in a Django project.
Stars: ✭ 31 (+63.16%)
akamai-toolkit: A set of tools to work on Akamai v1 anti-bot solution. Current supported version: 1.70
Stars: ✭ 215 (+1031.58%)
workshop-devsecops: The aim of the workshop is to show and guide development, security and DevOps teams (among others) who want to get started in DevSecOps, secure their applications, or learn a little more about secure development. To that end, we will be sharing some tips and information that we learned along the way in order to build a DevSecOps pipeline …
Stars: ✭ 14 (-26.32%)
LOCKLEVEL: A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 Information Assurance mitigation strategies. #nsacyber
Stars: ✭ 98 (+415.79%)
RCPickerButton: Simple button for marking some items as selected.
Stars: ✭ 17 (-10.53%)
apachrot: Apache (Linux) CVE-2021-41773/2021-42013 Mass Vulnerability Checker
Stars: ✭ 21 (+10.53%)
kdt: CLI to interact with Kondukto
Stars: ✭ 18 (-5.26%)
ProxyChecker: proxy checker to check the status of the ip-port proxy list
Stars: ✭ 24 (+26.32%)
ggshield-action: GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 304 (+1500%)
tfquery: tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze their configuration using a SQL-powered framework.
Stars: ✭ 297 (+1463.16%)
ggshield: Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+6594.74%)
nmap-formatter: A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put, it's an nmap converter.
Stars: ✭ 129 (+578.95%)
link-check: checks whether a hyperlink is alive (`200 OK`) or dead.
Stars: ✭ 35 (+84.21%)
Querly: Query Method Calls from Ruby Programs
Stars: ✭ 226 (+1089.47%)
Neomake: Asynchronous linting and make framework for Neovim/Vim
Stars: ✭ 2,512 (+13121.05%)
awesome-policy-as-code: A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (+536.84%)
openacr: OpenACR is a digital native Accessibility Conformance Report (ACR). The initial development is based on Section 508 requirements. The main goal is to be able to compare the accessibility claims of digital products and services. A structured, self-validated, machine-readable documentation will provide for this.
Stars: ✭ 61 (+221.05%)
Forbidden Apis: Policeman's Forbidden API Checker
Stars: ✭ 216 (+1036.84%)
Markdown Link Check: checks all of the hyperlinks in a markdown text to determine if they are alive or dead
Stars: ✭ 198 (+942.11%)
steampipe-mod-kubernetes-compliance: Run individual controls or full compliance benchmarks for NSA CISA Kubernetes Hardening Guidance across all of your Kubernetes clusters using Steampipe.
Stars: ✭ 23 (+21.05%)
forge: ISC Forge is an open source DHCP conformance validation framework, primarily used for testing ISC Kea.
Stars: ✭ 26 (+36.84%)