fix4log4j: No description or website provided.
Stars: ✭ 21 (-63.79%)
ochrona-cli: A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Stars: ✭ 46 (-20.69%)
Apicheck: The DevSecOps toolset for REST APIs
Stars: ✭ 184 (+217.24%)
gitleaks: Protect and discover secrets using Gitleaks 🔑
Stars: ✭ 10,520 (+18037.93%)
Threatplaybook: A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Stars: ✭ 173 (+198.28%)
dohq-ai-best-practices: Deploying and operating PT Application Inspector. Details: https://habr.com/ru/company/pt/blog/557142/
Stars: ✭ 22 (-62.07%)
cdkgoat: CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Stars: ✭ 27 (-53.45%)
Threagile: Agile Threat Modeling Toolkit
Stars: ✭ 162 (+179.31%)
ggshield-action: GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 304 (+424.14%)
gitavscan: Git Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.
Stars: ✭ 23 (-60.34%)
herald: Log annotation for logging frameworks
Stars: ✭ 71 (+22.41%)
Nodejsscan: nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+3131.03%)
ggshield: Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+2093.1%)
ldap-log: An LDAP request listener that removes the need for a dnslog platform and Java
Stars: ✭ 33 (-43.1%)
Archerysec: Centralize Vulnerability Assessment and Management for DevSecOps Team
Stars: ✭ 1,802 (+3006.9%)
reconmap: Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (+317.24%)
Log4j-CVE-Detect: Detections for CVE-2021-44228 inside of nested binaries
Stars: ✭ 33 (-43.1%)
havengrc: ☁️ Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬
Stars: ✭ 83 (+43.1%)
Njsscan: njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (+120.69%)
Kccss: Kubernetes Common Configuration Scoring System
Stars: ✭ 111 (+91.38%)
Mobile Security Framework Mobsf: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+17506.9%)
secure-pipeline-advisor: Improve your code security by running different security checks/validation in a simple way.
Stars: ✭ 25 (-56.9%)
Sast Scan: Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Stars: ✭ 234 (+303.45%)
awesome-policy-as-code: A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (+108.62%)
devops-infra-demo: Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)
Stars: ✭ 31 (-46.55%)
Awesome Devsecops ru: A collection of talks and publications on DevSecOps, in Russian and beyond :)
Stars: ✭ 62 (+6.9%)
log4shell-vulnerable-app: Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
Stars: ✭ 1,029 (+1674.14%)
MC-Log4J-Exploit-Checker: Checks Minecraft, MultiMC, Lunar and Badlion logs folder to see if you've been affected by the exploit!
Stars: ✭ 19 (-67.24%)
mapi-action: 🤖 Run a Mayhem for API scan in GitHub Actions
Stars: ✭ 16 (-72.41%)
telegram-log: Send a Telegram message when your scripts fire an exception or when they finish their execution.
Stars: ✭ 16 (-72.41%)
Reapsaw: Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Stars: ✭ 37 (-36.21%)
Sbt Dependency Check: SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+222.41%)
postee: Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Stars: ✭ 160 (+175.86%)
TerminalConsoleAppender: JLine 3 appender for Log4j2, allows extending command line apps using colors and command completion
Stars: ✭ 49 (-15.52%)
Devsecops: 🔱 Collection and Roadmap for everyone who wants DevSecOps.
Stars: ✭ 171 (+194.83%)
vimana-framework: Vimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (-18.97%)
Openrasp: 🔥 Open source RASP solution
Stars: ✭ 2,036 (+3410.34%)
digital-copyright: Stamp your code with a trackable digital copyright
Stars: ✭ 17 (-70.69%)
hqc mp: WeChat mini program + WeChat admin backend + WeChat user frontend
Stars: ✭ 69 (+18.97%)
Django Defectdojo: DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+3220.69%)
Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+4532.76%)
nmap-formatter: A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (+122.41%)
Devsecops: This repository contains information about DevSecOps and how to get involved in this community effort.
Stars: ✭ 103 (+77.59%)
aws-firewall-factory: Deploy, update, and stage your WAFs while managing them centrally via FMS.
Stars: ✭ 72 (+24.14%)
Purify: All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (+24.14%)
Kubernetes Goat: Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Stars: ✭ 868 (+1396.55%)
sonarqube-action: Integrate SonarQube scanner to GitHub Actions
Stars: ✭ 90 (+55.17%)
selenium BDD framework: Behavioural driven development UI automation framework using selenium, cucumber-java, testng, maven, phantomjs
Stars: ✭ 34 (-41.38%)
java-reverse-tcp: JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.
Stars: ✭ 19 (-67.24%)
py4jshell: Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.
Stars: ✭ 86 (+48.28%)
introspector: A schema and set of tools for using SQL to query cloud infrastructure.
Stars: ✭ 61 (+5.17%)
secureCodeBox-v2: This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Stars: ✭ 23 (-60.34%)
cfngoat: Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Stars: ✭ 70 (+20.69%)