Checkov: Prevent cloud misconfigurations during build time for Terraform, CloudFormation, Kubernetes, Serverless Framework and other infrastructure-as-code languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+6514.81%)
Tfsec: Security scanner for your Terraform code
Stars: ✭ 3,622 (+6607.41%)
Nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+3370.37%)
Windows Secure Host Baseline: Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
Stars: ✭ 1,288 (+2285.19%)
Terraform Security Scan: Run a security scan on your Terraform with the very nice https://github.com/liamg/tfsec
Stars: ✭ 64 (+18.52%)
Audit-Test-Automation: The Audit Test Automation Package gives you the ability to get an overview of the compliance status of several systems. You can easily create HTML reports and have a transparent overview of compliance and non-compliance of explicit settings and configurations in comparison to industry standards and hardening guides.
Stars: ✭ 37 (-31.48%)
qodana-action: ⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript and TypeScript projects on GitHub with Qodana
Stars: ✭ 112 (+107.41%)
Semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Stars: ✭ 5,668 (+10396.3%)
Sbt Dependency Check: SBT plugin for OWASP Dependency-Check. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+246.3%)
Vulny Code Static Analysis: Python script to detect vulnerabilities inside PHP source code using regex-based static analysis
Stars: ✭ 207 (+283.33%)
Security Tools: Collection of small security tools, mostly in Bash and Python, for CTFs, bug bounty and other tasks.
Stars: ✭ 509 (+842.59%)
prancer-compliance-test: This repository includes cloud security policies for IaC and live resources.
Stars: ✭ 32 (-40.74%)
Opa: An open source, general-purpose policy engine.
Stars: ✭ 5,939 (+10898.15%)
Speedle: Speedle is an open source project for access control.
Stars: ✭ 153 (+183.33%)
Gdpr Tracker: A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Stars: ✭ 142 (+162.96%)
Njsscan: njsscan is a semantic-aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (+137.04%)
Salus: Security scanner coordinator
Stars: ✭ 441 (+716.67%)
Wssat: Web Service Security Assessment Tool
Stars: ✭ 360 (+566.67%)
Enlightn: Your performance & security consultant, an artisan command away.
Stars: ✭ 378 (+600%)
Django Easy Audit: Yet another Django audit log app, hopefully the simplest one.
Stars: ✭ 289 (+435.19%)
Rudder: Continuous Auditing & Configuration
Stars: ✭ 314 (+481.48%)
Laravel Auditing: Record the change log of models in Laravel
Stars: ✭ 2,210 (+3992.59%)
policy-server: Webhook server that evaluates WebAssembly policies to validate Kubernetes requests
Stars: ✭ 111 (+105.56%)
prowler: Prowler is an open source security tool for AWS, Azure and GCP to perform cloud security best-practice assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+14800%)
dep-scan: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google Cloud Build. No server required!
Stars: ✭ 346 (+540.74%)
opal: Policy and data administration, distribution, and real-time updates on top of Open Policy Agent
Stars: ✭ 459 (+750%)
Opa Envoy Plugin: A plugin to enforce OPA policies with Envoy
Stars: ✭ 185 (+242.59%)
gamechanger-data: GAMECHANGER aspires to be the Department's trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements
Stars: ✭ 17 (-68.52%)
sonarqube-action: Integrate the SonarQube scanner into GitHub Actions
Stars: ✭ 90 (+66.67%)
Inspec: InSpec: Auditing and Testing Framework
Stars: ✭ 2,450 (+4437.04%)
Cfripper: Library and CLI tool for analysing CloudFormation templates and checking them for security compliance.
Stars: ✭ 265 (+390.74%)
open-source-logiciel-libre: Open Source Software Requirements and Guidance (Draft) - Requirements and guides related to free software (Draft)
Stars: ✭ 31 (-42.59%)
Mobile Security Framework Mobsf: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+18811.11%)
Static Analysis: ⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.
Stars: ✭ 9,310 (+17140.74%)
nmap-formatter: A tool that allows you to convert Nmap results to HTML, CSV, JSON, Markdown or Graphviz (dot). Simply put, it's an Nmap converter.
Stars: ✭ 129 (+138.89%)
Horusec: Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Stars: ✭ 311 (+475.93%)
Arachni: Web Application Security Scanner Framework
Stars: ✭ 2,942 (+5348.15%)
Security Code Scan: Vulnerability pattern detector for C# and VB.NET
Stars: ✭ 550 (+918.52%)
speedle-plus: Speedle+ is an open source project for access management. It is based on the Speedle open source project and maintained by previous Speedle maintainers.
Stars: ✭ 45 (-16.67%)
pg-audit-json: Simple, easily customised trigger-based auditing for PostgreSQL (Postgres). See also pgaudit.
Stars: ✭ 34 (-37.04%)
Lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+16820.37%)
Maplesyrup: Assesses CPU security of embedded devices. #nsacyber
Stars: ✭ 121 (+124.07%)
Information Security Tasks: This repository is created for infosec professionals who work day to day to keep their skillset up to date. We can each contribute one hour daily to work on problem statements. Please contribute by providing problem statements and solutions.
Stars: ✭ 108 (+100%)
havengrc: ☁️ Haven GRC - easier governance, risk, and compliance 👨⚕️👮♀️🦸♀️🕵️♀️👩🔬
Stars: ✭ 83 (+53.7%)
cscanner: An open source, multi-cloud DevSecOps compliance checker
Stars: ✭ 19 (-64.81%)
audit: A common audit framework for Java applications
Stars: ✭ 28 (-48.15%)
rode: Rode facilitates automated governance in your software supply chain. This repository contains the rode API, which is the primary interface between the rode UI or rode Collectors and metadata storage in Grafeas. The rode API provides functions for metadata search and storage as well as policy creation and evaluation.
Stars: ✭ 48 (-11.11%)
polscan: Zero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities
Stars: ✭ 57 (+5.56%)
lunasec: LunaSec - Dependency security scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your pull requests and builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+2235.19%)
Wazuh: Wazuh - The Open Source Security Platform
Stars: ✭ 3,154 (+5740.74%)
gamechanger: GAMECHANGER aspires to be the Department's trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements
Stars: ✭ 27 (-50%)
awesome-policy-as-code: A curated list of policy-as-code resources such as blogs, videos, and tools to practice on for learning policy as code.
Stars: ✭ 121 (+124.07%)
cis benchmarks audit: Simple command line tool to check for compliance against CIS Benchmarks
Stars: ✭ 182 (+237.04%)
chimera-admission: A Kubernetes dynamic admission controller that uses WebAssembly policies to validate incoming requests
Stars: ✭ 25 (-53.7%)