101 Open source projects that are alternatives of or similar to Hunter

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Checklist for container security - devsecops practices

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

CLI to interact with Kondukto

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Внедрение и эксплуатация PT Application Inspector. Подробнее: https://habr.com/ru/company/pt/blog/557142/

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺

Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.

Integrate SonarQube scanner to GitHub Actions

A schema and set of tools for using SQL to query cloud infrastructure.

Helps you continuously monitor and fix common security vulnerabilities in your Django application.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Improve your code security by running different security checks/validation in a simple way.

Ultimate DevSecOps library

Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

An open source, multi-cloud DevSecOps compliance checker

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)

Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.

⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana

La intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps …

GitHub Advance Security Compliance Action

tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.

IAST 灰盒扫描工具

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

Build a CI/CD for Microservices and Serverless Functions in AWS ☁️

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

DevSecOps Toolchain

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Detect Sensitive REST API communication using Deep Neural Networks

GitHub Data Loss Prevention (DLP) Action: Scan Pull Requests for sensitive data, like credentials & secrets, PII, credit card numbers, and more.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Best practices and integrations available for Spring Boot based Microservice in a single repository.

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

Protect and discover secrets using Gitleaks 🔑

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.

The Solutions Delivery Platform runtime pipeline framework

🤖 Run a Mayhem for API scan in GitHub Actions

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

A DevSecOps framework powered by Nix.

This repository includes cloud security policies for IaC and live resources.

secureCodeBox (SCB) - continuous secure delivery out of the box

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

All that is required to run MobSF in the ci

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs