276 Open source projects that are alternatives of or similar to Kics

Disposable and resilient red team infrastructure with Terraform

Kubernetes-based Dev Environments with GitOps

With Testinfra you can write unit tests in Python to test actual state of your servers configured by management tools like Salt, Ansible, Puppet, Chef and so on.

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Validate infrastructure as code (IaC) and objects using PowerShell rules.

An Ansible playbook that apply the principle of the Infrastructure as Code on a QEMU/KVM environment.

Based on the proxy gateway service of dubbo-go, it solves the problem that the external protocol calls the internal Dubbo cluster. At present, it supports HTTP and gRPC[developing].

YAWAST ...where a pentest starts. Security Toolkit for Web-based Applications

HTML5 WebSocket message fuzzer

hiboot is a high performance web and cli application framework with dependency injection support

This is an example of automatic deployments of your infrastructure using terraform and CircleCI 2.0 workflows

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on Amazon ECS and AWS Fargate.

Synchronize your DNS to multiple providers from a simple DSL

Introduce a fluent way to design cloud native microservices via EventStorming workshop, this is a hands-on workshop. Contains such topics: DDD, Event storming, Specification by example. Including the AWS product : Serverless Lambda , DynamoDB, Fargate, CloudWatch.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Info about many of my Terraform, AWS, and DevOps projects.

Gyro is a command-line tool for creating, updating, and maintaining cloud infrastructure. Gyro makes infrastructure-as-code possible.

serverless.tf is an opinionated open-source framework for developing, building, deploying, and securing serverless applications and infrastructures on AWS using Terraform.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Speedle is an open source project for access control.

An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.

Curated list of resources on HashiCorp's Terraform

Ansible Modules and Sample Playbooks for HPE OneView

Dagger 是一个基于 Loki 的日志查询和管理系统，它是由达闼科技（ CloudMinds ）云团队的`大禹基础设施平台`派生出来的一个项目。Dagger 运行在 Loki 前端，具备日志查询、搜索，保存和下载等特性，适用于云原生场景下的容器日志管理场景。

Terraform Module for AWS Landing Zone

DEPRECATED - no longer actively maintained. New repository: https://github.com/HewlettPackard/oneview-python

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS

Methodology for high-quality web application security testing - https://github.com/tprynn/web-methodology/wiki

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Kurukshetra - A framework for teaching secure coding by means of interactive problem solving.

Tools for managing DNS across multiple providers

The Modern Application Platform.

The OWASP ZAP Heads Up Display (HUD)

Kumogata is a tool for AWS CloudFormation. It can define a template in Ruby DSL.

This project is about creating and publishing threat model examples.

A Bind9 server for pentesters to use for Out-of-Band vulnerabilities

Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer

Software to automate the management and configuration of any infrastructure or application at scale. Get access to the Salt software package repository here:

The simplest, most powerful way to build serverless applications

AWS Workshop for Kubernetes

Terraform automation for Cloud

Oversecured Vulnerable Android App

OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development

Manage Infrastructure as Code with less pain.

An application to assist in the organization and prioritization of software security activities.

Infrastructure As Code Tutorial. Covers Packer, Terraform, Ansible, Vagrant, Docker, Docker Compose, Kubernetes

A Table of Contents of all Gruntwork Code

Manage federated learning workload using cloud native technologies.

Ansible module for Goss

KubeCon-CloudNativeCon-North-America-2018's slides. / 2018北美CNCF大会PPT。

Automate and expose complex infrastructure tasks to teams and services.

A Clojure wrapper for the AWS Cloud Development Kit (AWS CDK)

MuShop - Cloud Native microservices demo for Oracle Cloud Infrastructure

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

🎯 RFI/LFI Payload List

Automate application management on Kubernetes (project under CNCF)

Like Prometheus, but for logs.

mimic: Define your Deployments, Infrastructure and Configuration as a Go Code 🚀