151 Open source projects that are alternatives of or similar to log4j-cve-2021-44228

No description or website provided.

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

The DevSecOps toolset for REST APIs

Protect and discover secrets using Gitleaks 🔑

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

🔐 Docker Container for Penetration Testing & Security

Внедрение и эксплуатация PT Application Inspector. Подробнее: https://habr.com/ru/company/pt/blog/557142/

CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Agile Threat Modeling Toolkit

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.

Log annotation for logging frameworks

nodejsscan is a static security code scanner for Node.js applications.

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

Checklist for container security - devsecops practices

一个LDAP请求监听器，摆脱dnslog平台和java

Centralize Vulnerability Assessment and Management for DevSecOps Team

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Detections for CVE-2021-44228 inside of nested binaries

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Kubernetes Common Configuration Scoring System

大学生信息管理系统——初学路上自己摸索实践的项目

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Improve your code security by running different security checks/validation in a simple way.

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)

Подборка выступлений и публикаций на тему DevSecOps на русском и не только)

The Secure Coding Framework

Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).

Checks Minecraft, MultiMC, Lunar and Badlion logs folder to see if you've been affected by the exploit!

🤖 Run a Mayhem for API scan in GitHub Actions

Send a Telegram message when your scripts fire an exception or when they finish their execution.

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.

JLine 3 appender for Log4j2, allows extending command line apps using colors and command completion

🔱 Collection and Roadmap for everyone who wants DevSecOps.

Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.

🔥Open source RASP solution

Stamp your code with a trackable digital copyright

Awesome DevSecOps на русском языке

微信小程序+微信管理后台+微信用户前台

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.

This repository contains information about DevSecOps and how to get involved in this community effort.

Deploy, update, and stage your WAFs while managing them centrally via FMS.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Integrate SonarQube scanner to GitHub Actions

Behavioural driven development UI automation framework using selenium, cucumber-java, testng, maven, phantomjs

JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.

Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.

A schema and set of tools for using SQL to query cloud infrastructure.

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Minecraft Honeypot for Log4j exploit. CVE-2021-44228 Log4Shell LogJam