101 Open source projects that are alternatives of or similar to Hunter

Identify hardcoded secrets and dangerous behaviours

The Secure Coding Framework

ContainerSSH: Launch containers on demand

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Curating the best DevSecOps resources and tooling.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

The DevSecOps toolset for REST APIs

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

🔐 Docker Container for Penetration Testing & Security

🔱 Collection and Roadmap for everyone who wants DevSecOps.

Agile Threat Modeling Toolkit

🔥Open source RASP solution

nodejsscan is a static security code scanner for Node.js applications.

Awesome DevSecOps на русском языке

Centralize Vulnerability Assessment and Management for DevSecOps Team

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Kubernetes Common Configuration Scoring System

This repository contains information about DevSecOps and how to get involved in this community effort.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Подборка выступлений и публикаций на тему DevSecOps на русском и не только)

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

Awesome PHP Security Resources 🕶🐘🔐

kube-scan: Octarine k8s cluster risk assessment tool

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Application Security Automation

Identify vulnerabilities in running containers, images, hosts and repositories

Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Knowledge seeks no man

Security scanner for your Terraform code

🛡️ Make your web services secure by default !

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.