WhispersIdentify hardcoded secrets and dangerous behaviours
Stars: ✭ 66 (-76.68%)
ContainersshContainerSSH: Launch containers on demand
Stars: ✭ 195 (-31.1%)
CheckovPrevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+1162.19%)
Awesome DevsecopsCurating the best DevSecOps resources and tooling.
Stars: ✭ 188 (-33.57%)
Sbt Dependency CheckSBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (-33.92%)
ApicheckThe DevSecOps toolset for REST APIs
Stars: ✭ 184 (-34.98%)
ThreatplaybookA unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Stars: ✭ 173 (-38.87%)
Devsecops🔱 Collection and Roadmap for everyone who wants DevSecOps.
Stars: ✭ 171 (-39.58%)
ThreagileAgile Threat Modeling Toolkit
Stars: ✭ 162 (-42.76%)
Openrasp🔥Open source RASP solution
Stars: ✭ 2,036 (+619.43%)
Nodejsscannodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+562.19%)
ArcherysecCentralize Vulnerability Assessment and Management for DevSecOps Team
Stars: ✭ 1,802 (+536.75%)
Django DefectdojoDefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+580.57%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-54.77%)
TerrascanDetect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+849.47%)
KccssKubernetes Common Configuration Scoring System
Stars: ✭ 111 (-60.78%)
DevsecopsThis repository contains information about DevSecOps and how to get involved in this community effort.
Stars: ✭ 103 (-63.6%)
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+3508.48%)
PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-74.56%)
Awesome Devsecops ruПодборка выступлений и публикаций на тему DevSecOps на русском и не только)
Stars: ✭ 62 (-78.09%)
ReapsawReapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Stars: ✭ 37 (-86.93%)
Kubernetes GoatKubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Stars: ✭ 868 (+206.71%)
CmsscanCMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Stars: ✭ 775 (+173.85%)
Dependency TrackDependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+153.71%)
Gg ShieldDetect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: ✭ 708 (+150.18%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+100%)
TerragoatTerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Stars: ✭ 461 (+62.9%)
GlueApplication Security Automation
Stars: ✭ 412 (+45.58%)
ThreatmapperIdentify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (+27.56%)
HammerDow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
Stars: ✭ 330 (+16.61%)
Awesome Threat ModellingA curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Stars: ✭ 319 (+12.72%)
My LinksKnowledge seeks no man
Stars: ✭ 311 (+9.89%)
TfsecSecurity scanner for your Terraform code
Stars: ✭ 3,622 (+1179.86%)
Bunkerized Nginx🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+734.28%)
TrivyScanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+3318.02%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1511.66%)