Archerysec
Centralize Vulnerability Assessment and Management for DevSecOps Team
Stars: ✭ 1,802 (+2954.24%)
Apicheck
The DevSecOps toolset for REST APIs
Stars: ✭ 184 (+211.86%)
Terragoat
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Stars: ✭ 461 (+681.36%)
Devsecops
This repository contains information about DevSecOps and how to get involved in this community effort.
Stars: ✭ 103 (+74.58%)
Containerssh
ContainerSSH: Launch containers on demand
Stars: ✭ 195 (+230.51%)
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+1116.95%)
rest-api
REST API backend for Reconmap
Stars: ✭ 48 (-18.64%)
Threagile
Agile Threat Modeling Toolkit
Stars: ✭ 162 (+174.58%)
Awesome Threat Modelling
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.
Stars: ✭ 319 (+440.68%)
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+5320.34%)
Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Stars: ✭ 2,687 (+4454.24%)
Whispers
Identify hardcoded secrets and dangerous behaviours
Stars: ✭ 66 (+11.86%)
Purify
All-in-one tool for managing vulnerability reports from AppSec pipelines
Stars: ✭ 72 (+22.03%)
Kubernetes Goat
Kubernetes Goat is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.
Stars: ✭ 868 (+1371.19%)
Awesome Devsecops
Curating the best DevSecOps resources and tooling.
Stars: ✭ 188 (+218.64%)
ggshield-action
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 304 (+415.25%)
Threatmapper
Identify vulnerabilities in running containers, images, hosts and repositories
Stars: ✭ 361 (+511.86%)
Hunter
Hunter plays an important role as one link in ZTO's closed-loop DevSecOps solution; now that it is open source, we hope it can help more enterprises.
Stars: ✭ 283 (+379.66%)
Gg Shield Action
GitGuardian Shield GitHub Action - Find exposed credentials in your commits
Stars: ✭ 248 (+320.34%)
Nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+3076.27%)
Bunkerized Nginx
🛡️ Make your web services secure by default!
Stars: ✭ 2,361 (+3901.69%)
Njsscan
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Stars: ✭ 128 (+116.95%)
Awesome Devsecops
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Stars: ✭ 2,805 (+4654.24%)
Kccss
Kubernetes Common Configuration Scoring System
Stars: ✭ 111 (+88.14%)
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+13537.29%)
Mobile Security Framework Mobsf
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Stars: ✭ 10,212 (+17208.47%)
Awesome Devsecops ru
A collection of talks and publications on DevSecOps, in Russian and other languages :)
Stars: ✭ 62 (+5.08%)
kdt
CLI to interact with Kondukto
Stars: ✭ 18 (-69.49%)
Reapsaw
Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.
Stars: ✭ 37 (-37.29%)
Checkov
Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+5954.24%)
Cmsscan
CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Stars: ✭ 775 (+1213.56%)
Trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
Stars: ✭ 9,673 (+16294.92%)
Gg Shield
Detect secrets in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Stars: ✭ 708 (+1100%)
Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+216.95%)
Kube Scan
kube-scan: Octarine k8s cluster risk assessment tool
Stars: ✭ 566 (+859.32%)
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+2037.29%)
Glue
Application Security Automation
Stars: ✭ 412 (+598.31%)
Threatplaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Stars: ✭ 173 (+193.22%)
Hammer
Dow Jones Hammer: Protect the cloud with the power of the cloud (AWS)
Stars: ✭ 330 (+459.32%)
caddy-security
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Stars: ✭ 696 (+1079.66%)
My Links
Knowledge seeks no man
Stars: ✭ 311 (+427.12%)
Devsecops
🔱 Collection and Roadmap for everyone who wants DevSecOps.
Stars: ✭ 171 (+189.83%)
Securecodebox
secureCodeBox (SCB) - continuous secure delivery out of the box
Stars: ✭ 279 (+372.88%)
DevSecOps
Ultimate DevSecOps library
Stars: ✭ 4,450 (+7442.37%)
Application Security Engineer Interview Questions
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer
Stars: ✭ 267 (+352.54%)
Openrasp
🔥 Open source RASP solution
Stars: ✭ 2,036 (+3350.85%)
Tfsec
Security scanner for your Terraform code
Stars: ✭ 3,622 (+6038.98%)
Sast Scan
Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
Stars: ✭ 234 (+296.61%)
privapi
Detect Sensitive REST API communication using Deep Neural Networks
Stars: ✭ 42 (-28.81%)
dep-scan
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+486.44%)
ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Stars: ✭ 1,272 (+2055.93%)
Chopchop
ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.
Stars: ✭ 227 (+284.75%)
Django Defectdojo
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Stars: ✭ 1,926 (+3164.41%)