Immudbimmudb - world’s fastest immutable database, built on a zero trust model
Stars: ✭ 3,743 (+196.83%)
dep-scanFully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (-72.56%)
ContentSecurity automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (-3.33%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+261.7%)
havengrc☁️Haven GRC - easier governance, risk, and compliance 👨⚕️👮♀️🦸♀️🕵️♀️👩🔬
Stars: ✭ 83 (-93.42%)
LynisLynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+624.58%)
prowlerProwler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+538.07%)
Bunkerized Nginx🛡️ Make your web services secure by default !
Stars: ✭ 2,361 (+87.23%)
dependency-check-py🔐 Shim to easily install OWASP dependency-check-cli into Python projects
Stars: ✭ 44 (-96.51%)
ggshieldFind and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+0.87%)
secureCodeBox-v2This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Stars: ✭ 23 (-98.18%)
ArcherysecCentralize Vulnerability Assessment and Management for DevSecOps Team
Stars: ✭ 1,802 (+42.9%)
log4j-cve-2021-44228Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Stars: ✭ 58 (-95.4%)
kodexA privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.
Stars: ✭ 70 (-94.45%)
fidesopsPrivacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
Stars: ✭ 32 (-97.46%)
OpendsrA common framework enabling companies to work together to protect consumers' privacy and data rights.
Stars: ✭ 295 (-76.61%)
DatabunkerSecure storage for personal records built to comply with GDPR
Stars: ✭ 122 (-90.33%)
DevSecOpsUltimate DevSecOps library
Stars: ✭ 4,450 (+252.89%)
Mobile Security Framework MobsfMobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+709.83%)
ComplyCompliance automation framework, focused on SOC2
Stars: ✭ 596 (-52.74%)
Gdpr TrackerA crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Stars: ✭ 142 (-88.74%)
wazuh-packagesWazuh - Tools for packages creation
Stars: ✭ 54 (-95.72%)
GDPRDPIATA GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺
Stars: ✭ 28 (-97.78%)
privapiDetect Sensitive REST API communication using Deep Neural Networks
Stars: ✭ 42 (-96.67%)
ChopchopChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
Stars: ✭ 227 (-82%)
dependency-track-maven-pluginMaven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
Stars: ✭ 28 (-97.78%)
interceptINTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (-95.72%)
cscannerAn open source, multi-cloud DevSecOps compliance checker
Stars: ✭ 19 (-98.49%)
DatadefenderSensitive Data Management: Data Discovery and Anonymization toolkit
Stars: ✭ 79 (-93.74%)
OpenscapNIST Certified SCAP 1.2 toolkit
Stars: ✭ 750 (-40.52%)
Wazuh DockerWazuh - Docker containers
Stars: ✭ 213 (-83.11%)
TfsecSecurity scanner for your Terraform code
Stars: ✭ 3,622 (+187.23%)
CheckovPrevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+183.27%)
netmakerNetmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Stars: ✭ 4,147 (+228.87%)
Wazuh ChefWazuh - Chef cookbooks
Stars: ✭ 9 (-99.29%)
Ossec HidsOSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Stars: ✭ 3,580 (+183.9%)
SiacSIAC is an enterprise SIEM built on open-source technology.
Stars: ✭ 100 (-92.07%)
Hack4Squad💀 A bash hacking and scanning framework.
Stars: ✭ 45 (-96.43%)
cyclonedx-cliCycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
Stars: ✭ 154 (-87.79%)
WazuhWazuh - The Open Source Security Platform
Stars: ✭ 3,154 (+150.12%)
SherlockThis script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)
Stars: ✭ 36 (-97.15%)
BbreconPython library and CLI for the Bug Bounty Recon API
Stars: ✭ 169 (-86.6%)
JiffJavaScript library for building web-based applications that employ secure multi-party computation (MPC).
Stars: ✭ 131 (-89.61%)
log4j-detectorLog4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!
Stars: ✭ 622 (-50.67%)
cyclonedx-maven-pluginCreates CycloneDX Software Bill of Materials (SBOM) from Maven projects
Stars: ✭ 103 (-91.83%)
cyclonedx-gomodCreates CycloneDX Software Bill of Materials (SBOM) from Go modules
Stars: ✭ 27 (-97.86%)
firecrackerStop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.
Stars: ✭ 438 (-65.27%)
ochrona-cliA command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Stars: ✭ 46 (-96.35%)