144 Open source projects that are alternatives of or similar to gitleaks

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

Ultimate DevSecOps library

A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). Direct secret injection into Pods.

A tiny secret store to keep your little secrets

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

Pluggable linting tool to prevent committing credential.

Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.

By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys.

Environment variables meet macOS Keychain and gnome-keyring <3

Command-line tool integrating with go:generate to replace substitute tokens with ENV variables value.

tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.

CLI to interact with Kondukto

An open source, multi-cloud DevSecOps compliance checker

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.

🔗 React-Native LinkedIn, a simple LinkedIn login library for React-Native or Expo with WebView and Modal

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

Secret Server PowerShell Module

A simple, server/less, single-api, multi-backend, ghostly secret-store/key-store for your passwords, ssh-keys and cloud credentials. Ghost isn't real, it's just in your head.

Fetch AWS keys and secrets from ~/.aws/credentials using a simple bash script

Checklist for container security - devsecops practices

A schema and set of tools for using SQL to query cloud infrastructure.

Voting system based on Ethereum

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Detect Sensitive REST API communication using Deep Neural Networks

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

A program to hide file into executable binary.

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

A Ruby implementation of Threshold Secret Sharing (Shamir) as defined in IETF Internet-Draft draft-mcgrew-tss-03.txt

The Solutions Delivery Platform runtime pipeline framework

Внедрение и эксплуатация PT Application Inspector. Подробнее: https://habr.com/ru/company/pt/blog/557142/

WordPress for Android

Simple Secret Sharing Service for social and decentralised management of passwords

OSSSM (awesome). Open source short-term secure messaging

🤖 Run a Mayhem for API scan in GitHub Actions

send a message through a safe, private, and encrypted link that automatically expires to ensure your stuff does not remain online forever.

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

🔒 Deeply hide secrets on Android

Obfuscate string literals in JavaScript code.

kubernetes secret decoder

Synator Kubernetes Secret and ConfigMap synchronizer

This program show how to create a public chat using javascript

A simple implementation of Shamir's Secret Sharing configured to use a finite field in GF(2^8) with 128 bit padding

Guffer tweets based on a daily schedule

Lockup Gem

Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)

Keep your sensitive information out of chat logs, emails, and more with encrypted secrets.

DevSecOps Toolchain

Deploy, update, and stage your WAFs while managing them centrally via FMS.

验证码 && 密码 校验View（类似于支付宝、网商银行等密码校验框）

This repository includes cloud security policies for IaC and live resources.

La intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps …

'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.