984 Open source projects that are alternatives of or similar to lunasec

immudb - world’s fastest immutable database, built on a zero trust model

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Wazuh - Kibana plugin

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

🛡️ Make your web services secure by default !

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

Centralize Vulnerability Assessment and Management for DevSecOps Team

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

A privacy and security engineering toolkit: Discover, understand, pseudonymize, anonymize, encrypt and securely share sensitive and personal data: Privacy and security as code.

Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.

A common framework enabling companies to work together to protect consumers' privacy and data rights.

Collection of Data Processing Agreement (DPA) and GDPR compliance resources

Secure storage for personal records built to comply with GDPR

Ultimate DevSecOps library

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Compliance automation framework, focused on SOC2

A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors

Wazuh - Tools for packages creation

A docker container for openvas

Azure PCI PaaS Reference Architecture

A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺

Detect Sensitive REST API communication using Deep Neural Networks

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

INTERCEPT / Policy as Code Static Analysis Auditing / SAST

An open source, multi-cloud DevSecOps compliance checker

Wazuh - Ruleset

Wazuh - Project documentation

Sensitive Data Management: Data Discovery and Anonymization toolkit

NIST Certified SCAP 1.2 toolkit

The GDPR Checklist

Wazuh - Docker containers

Security scanner for your Terraform code

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Wazuh - Ansible playbook

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Wazuh - Chef cookbooks

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

SIAC is an enterprise SIEM built on open-source technology.

💀 A bash hacking and scanning framework.

CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.

Wazuh - The Open Source Security Platform

VGS Collect iOS SDK

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Awesome Node.js Security resources

Python library and CLI for the Bug Bounty Recon API

JavaScript library for building web-based applications that employ secure multi-party computation (MPC).

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects

Creates CycloneDX Software Bill of Materials (SBOM) from Go modules

Wazuh - Puppet module

Stop half-done API specifications! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by validating your API specifications.

🔐 Docker Container for Penetration Testing & Security

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs