592 Open source projects that are alternatives of or similar to dep-scan

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

Creates CycloneDX Software Bill of Materials (SBOM) from .NET Projects

Software Bill of Material (SBOM) standard designed for use in application security contexts and supply chain component analysis

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Security scanner for your Terraform code

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

All-in-one tool for managing vulnerability reports from AppSec pipelines

Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework

kube-scan: Octarine k8s cluster risk assessment tool

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

creates CycloneDX Software Bill of Materials (SBOM) from node-based projects

Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

分布式资产安全扫描核心管理系统(弱口令扫描，漏洞扫描)

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

The Correlated CVE Vulnerability And Threat Intelligence Database API

Hourly updated database of exploit and exploitation reports

A simple Java command-line utility to mirror the entire contents of VulnDB.

Identify hardcoded secrets and dangerous behaviours

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

SEC分布式资产扫描系统

Advanced vulnerability scanning with Nmap NSE

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Helps you continuously monitor and fix common security vulnerabilities in your Django application.

An open source, multi-cloud DevSecOps compliance checker

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Web-based Source Code Vulnerability Scanner

Tracking CVEs for the linux Kernel

Open-Source Security Architecture | 开源安全架构

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

GDA is a new fast and powerful decompiler in C++(working without Java VM) for the APK, DEX, ODEX, OAT, JAR, AAR, and CLASS file. which supports malicious behavior detection, privacy leaking detection, vulnerability detection, path solving, packer identification, variable tracking, deobfuscation, python&java scripts, device memory extraction, dat…

Kubernetes Common Configuration Scoring System

A collection of public security audits.

Source Code Security Audit (源代码安全审计)

Anteater - CI/CD Gate Check Framework

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.

A simple auditing utility for macOS

Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail.

A simple tool for interacting with OWASP ZAP from the commandline.

DEPRECATED, bettercap developement moved here: https://github.com/bettercap/bettercap

A Go implementation of dirsearch.

Ultimate DevSecOps library