1100 Open source projects that are alternatives of or similar to intercept

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Security scanner for your Terraform code

nodejsscan is a static security code scanner for Node.js applications.

Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber

Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec

The Audit Test Automation Package gives you the ability to get an overview about the compliance status of several systems. You can easily create HTML-reports and have a transparent overview over compliance and non-compliance of explicit setttings and configurations in comparison to industry standards and hardening guides.

⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Collection of small security tools, mostly in Bash and Python. CTFs, Bug Bounty and other stuff.

This repository includes cloud security policies for IaC and live resources.

An open source, general-purpose policy engine.

Speedle is an open source project for access control.

GitHub Action to set up Fortify ScanCentral Client

A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Security scanner coordinator

WEB SERVICE SECURITY ASSESSMENT TOOL

Your performance & security consultant, an artisan command away.

Yet another Django audit log app, hopefully the simplest one.

Continuous Auditing & Configuration

GCP CIS 1.1.0 Benchmark InSpec Profile

Record the change log from models in Laravel

Webhook server that evaluates WebAssembly policies to validate Kubernetes requests

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Wazuh - Tools for packages creation

Policy and data administration, distribution, and real-time updates on top of Open Policy Agent

A plugin to enforce OPA policies with Envoy

GAMECHANGER aspires to be the Department’s trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements

Integrate SonarQube scanner to GitHub Actions

InSpec: Auditing and Testing Framework

Library and CLI tool for analysing CloudFormation templates and check them for security compliance.

Open Source Software Requirements and Guidance (Draft) - Exigences et guides liés aux logiciels libres (Ébauche)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

⚙️ A curated list of static analysis (SAST) tools for all programming languages, config files, build tools, and more.

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Web Application Security Scanner Framework

Vulnerability Patterns Detector for C# and VB.NET

Speedle+ is an open source project for access management. It is based on Speedle open source project and maintained by previous Speedle maintainers.

GKE CIS 1.1.0 Benchmark InSpec Profile

Simple, easily customised trigger-based auditing for PostgreSQL (Postgres). See also pgaudit.

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Auditing Script based on CIS-BENCHMARK CENTOS 8

Assesses CPU security of embedded devices. #nsacyber

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

An open source, multi-cloud DevSecOps compliance checker

A common audit framework for java application

Rode facilitates Automated Governance in your software supply chain. This repository contains the rode API which is the primary interface between the rode UI or rode Collectors and metadata storage in Grafeas. The rode API provides functions for metadata search and storage as well as policy creation and evaluation.

Zero-setup SSH-based scanner with extensive visualizations for Debian server inventory, policy compliance and vulnerabilities

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Wazuh - The Open Source Security Platform

GAMECHANGER aspires to be the Department’s trusted solution for evidence-based, data-driven decision-making across the universe of DoD requirements

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Simple command line tool to check for compliance against CIS Benchmarks

A Kubernetes dynamic admission controller that uses WebAssembly policies to validate incoming requests

Wazuh - Ansible playbook