1383 Open source projects that are alternatives of or similar to Gg Shield Action

Identify vulnerabilities in running containers, images, hosts and repositories

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

kube-scan: Octarine k8s cluster risk assessment tool

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Awesome PHP Security Resources 🕶🐘🔐

Teamvision软件工程协作工具

CODO是一款为用户提供企业多混合云、一站式DevOps、自动化运维、完全开源的云管理平台、自动化运维平台

List of Continuous Integration services

Powerful and user-friendly CI / CD server with high availability, parallel build, agent scaling

Functional DevOps with Scala and Kubernetes

A template for maintaining a multiple environments infrastructure with Terraform. This template includes a CI/CD process, that applies the infrastructure in an AWS account.

🎯 Testing your project locally in a clean environment.

💻 🐳 🐘 🐬 🐧 🚀 Start Docker LNMP(LEMP) In less than 2 minutes Powered by Docker Compose. 让 PHP 开发者快速（一键）搭建基于容器技术（Docker、Kubernetes）的开发、测试、生产（CI/CD by Drone）环境.

Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

Modern UI for Ansible

A Terraform module for hosting your own runner for CI/CD on Digital Ocean to run jobs in your GitHub Actions workflows. 🚀

🌊 👬 🏢 Integrate with TeamCity fluently

Secure, human-friendly, cross-platform secrets and config.

webhook is a lightweight incoming webhook server to run shell commands

A Github action for kubectl, the Kubernetes CLI

Scan Kubernetes resource files , and helm charts for security configurations issues and best practices.

资产管理、资产采集、灰度发布、反向代理、批量任务、任务编排、计划任务、日志审计、权限管理、角色管理、部门管理、运维自动化

A lightweight CI/CD tool powered by Golang

Centralize Vulnerability Assessment and Management for DevSecOps Team

🔱 Collection and Roadmap for everyone who wants DevSecOps.

pypyr task-runner cli & api for automation pipelines. Automate anything by combining commands, different scripts in different languages & applications into one pipeline process.

Knowledge seeks no man

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Nvwa-io is a open source DevOps CI/CD auto-build and auto-deploy system（女娲 - 开源 DevOps CI/CD 自动构建和自动部署系统). http://nvwa-io.com

Curating the best DevSecOps resources and tooling.

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

secureCodeBox (SCB) - continuous secure delivery out of the box

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

IceCI is a continuous integration system designed for Kubernetes from the ground up.

🐙🛠️ Open-source self-hosted solution for managing multiple deployments in a Kubernetes cluster with a user-friendly web interface.

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

All-in-one tool for managing vulnerability reports from AppSec pipelines

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

This repository contains information about DevSecOps and how to get involved in this community effort.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

MirrorGate DevOps Dashboard

Security scanner for your Terraform code

Java client, built on top of jclouds, for working with Jenkins REST API

Run your GitHub Actions locally 🚀

A fork of the Drone CI system version 0.8, right before the 1.0 release and license changes

🔐 Docker Container for Penetration Testing & Security

System for containerized apps management. From build to scaling.

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

🐆 EXPERIMENTAL -- Runs GitHub Actions workflows locally (local) -- Don't run your YAML like a 🐪

Automated software delivery as fast and easy as possible 🚀

The DevSecOps toolset for REST APIs

IAST 灰盒扫描工具

Linux vulnerability scanner based on Salt Open and Vulners audit API, with Slack notifications and JIRA integration

Fast and configurable filesystem (file and directory names) linter

The most flexible build tool for monorepo

ContainerSSH: Launch containers on demand

A Blazing fast Security Auditing tool for Kubernetes