101 Open source projects that are alternatives of or similar to Riskassessmentframework

Hunter作为中通DevSecOps闭环方案中的一环，扮演着很重要的角色，开源之后希望能帮助到更多企业。

⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana

📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚

Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)

Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)

This repository contains information about DevSecOps and how to get involved in this community effort.

IAST 灰盒扫描工具

🔥Open source RASP solution

Best practices and integrations available for Spring Boot based Microservice in a single repository.

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Application Security Automation

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Knowledge seeks no man

🛡️ Make your web services secure by default !

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.

The DevSecOps toolset for REST APIs

Build a CI/CD for Microservices and Serverless Functions in AWS ☁️

Kubernetes Goat is "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security.

A DevSecOps framework powered by Nix.

Awesome DevSecOps на русском языке

GitHub Advance Security Compliance Action

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Integrate SonarQube scanner to GitHub Actions

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Identify vulnerabilities in running containers, images, hosts and repositories

🔱 Collection and Roadmap for everyone who wants DevSecOps.

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Kubernetes Common Configuration Scoring System

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

secureCodeBox (SCB) - continuous secure delivery out of the box

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Some of the questions which i was asked when i was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but i felt these questions were important to be asked and some were challenging to answer

Agile Threat Modeling Toolkit

Helps you continuously monitor and fix common security vulnerabilities in your Django application.

Подборка выступлений и публикаций на тему DevSecOps на русском и не только)

All that is required to run MobSF in the ci

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺

Reapsaw is a continuous security devsecops tool, which helps in enabling security into CI/CD Pipeline. It supports coverage for multiple programming languages.

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

nodejsscan is a static security code scanner for Node.js applications.

Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk.

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228)

A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Centralize Vulnerability Assessment and Management for DevSecOps Team

Awesome PHP Security Resources 🕶🐘🔐

ContainerSSH: Launch containers on demand

Curating the best DevSecOps resources and tooling.

🔐 Docker Container for Penetration Testing & Security

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

kube-scan: Octarine k8s cluster risk assessment tool