PurifyAll-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (-71.54%)
Gg ShieldDetect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: ✭ 708 (+179.84%)
ContainersshContainerSSH: Launch containers on demand
Stars: ✭ 195 (-22.92%)
Kube Scankube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+123.72%)
SecurecodeboxsecureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (+10.28%)
TrivyScanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+3723.32%)
ProwlerProwler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+1702.77%)
TerrascanDetect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+962.06%)
ThreatmapperIdentify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (+42.69%)
Njsscannjsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (-49.41%)
Gg Shield ActionGitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 248 (-1.98%)
interceptINTERCEPT / Policy as Code Static Analysis Auditing / SAST
Stars: ✭ 54 (-78.66%)
snyk-security-scanner-pluginTest and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.
Stars: ✭ 33 (-86.96%)
ochrona-cliA command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
Stars: ✭ 46 (-81.82%)
dohq-ai-best-practicesВнедрение и эксплуатация PT Application Inspector. Подробнее: https://habr.com/ru/company/pt/blog/557142/
Stars: ✭ 22 (-91.3%)
django-security-checkHelps you continuously monitor and fix common security vulnerabilities in your Django application.
Stars: ✭ 69 (-72.73%)
log4j-cve-2021-44228Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)
Stars: ✭ 58 (-77.08%)
DongTai-agent-javaJava Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
Stars: ✭ 592 (+133.99%)
secureCodeBox-v2This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Stars: ✭ 23 (-90.91%)
awesome-policy-as-codeA curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.
Stars: ✭ 121 (-52.17%)
posteeSimple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.
Stars: ✭ 160 (-36.76%)
SoteriaPlugin to block compilation when unapproved dependencies are used or code styling does not comply.
Stars: ✭ 36 (-85.77%)
mobsf-ciAll that is required to run MobSF in the ci
Stars: ✭ 37 (-85.38%)
netmakerNetmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Stars: ✭ 4,147 (+1539.13%)
havengrc☁️Haven GRC - easier governance, risk, and compliance 👨⚕️👮♀️🦸♀️🕵️♀️👩🔬
Stars: ✭ 83 (-67.19%)
mapi-action🤖 Run a Mayhem for API scan in GitHub Actions
Stars: ✭ 16 (-93.68%)
prancer-compliance-testThis repository includes cloud security policies for IaC and live resources.
Stars: ✭ 32 (-87.35%)
box-appServerThe Staff-Manager App Server for Enterprise Token Safe BOX
Stars: ✭ 22 (-91.3%)
cscannerAn open source, multi-cloud DevSecOps compliance checker
Stars: ✭ 19 (-92.49%)
makesA DevSecOps framework powered by Nix.
Stars: ✭ 158 (-37.55%)
gitavscanGit Anti-Virus Scan Action - Detect trojans, viruses, malware & other malicious threats.
Stars: ✭ 23 (-90.91%)
SpyGenTrojan 🐍 (keylogger, take screenshots, open your webcam) 🔓
Stars: ✭ 115 (-54.55%)
workshop-devsecopsLa intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps …
Stars: ✭ 14 (-94.47%)
devops-infra-demoGrowing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)
Stars: ✭ 31 (-87.75%)
tfquerytfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
Stars: ✭ 297 (+17.39%)
big-bangBig Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
Stars: ✭ 55 (-78.26%)
MixewayHubMixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.
Stars: ✭ 80 (-68.38%)
vimana-frameworkVimana is an experimental security framework that aims to provide resources for auditing Python web applications.
Stars: ✭ 47 (-81.42%)
KraneKubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (+0.4%)
nmap-formatterA tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot). Simply put it's nmap converter.
Stars: ✭ 129 (-49.01%)
reconmapVulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-4.35%)
introspectorA schema and set of tools for using SQL to query cloud infrastructure.
Stars: ✭ 61 (-75.89%)
qodana-action⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (-55.73%)
sonarqube-actionIntegrate SonarQube scanner to GitHub Actions
Stars: ✭ 90 (-64.43%)
perimeterator'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.
Stars: ✭ 59 (-76.68%)
privapiDetect Sensitive REST API communication using Deep Neural Networks
Stars: ✭ 42 (-83.4%)
cfngoatCfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Stars: ✭ 70 (-72.33%)
lunasecLunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+398.42%)
dep-scanFully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+36.76%)
MicrosoftWontFixListA list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 2021 (and SpoolSample ;-))
Stars: ✭ 854 (+237.55%)
GDPRDPIATA GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺
Stars: ✭ 28 (-88.93%)
cdkgoatCdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Stars: ✭ 27 (-89.33%)
kdtCLI to interact with Kondukto
Stars: ✭ 18 (-92.89%)
ggshield-actionGitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 304 (+20.16%)
nightfall dlp actionGitHub Data Loss Prevention (DLP) Action: Scan Pull Requests for sensitive data, like credentials & secrets, PII, credit card numbers, and more.
Stars: ✭ 46 (-81.82%)