265 Open source projects that are alternatives of or similar to secure-pipeline-advisor

Helps you continuously monitor and fix common security vulnerabilities in your Django application.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

secureCodeBox (SCB) - continuous secure delivery out of the box

Secure, Unified, Powerful and Extensible Rust Android Analyzer

🔎 shodansploit > v1.3.0

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Web Scan Lazy Tools - Python Package

Intelligent XSS detection tool that uses human techniques for looking for reflected cross-site scripting (XSS) vulnerabilities

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network

A tool to monitor local network traffic for possible security vulnerabilities. Warns user against possible nmap scans, Nikto scans, credentials sent in-the-clear, and shellshock attacks. Currently supports live monitoring and network capture (pcap) scanning.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).

GitHub Advance Security Compliance Action

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

All-in-one tool for managing vulnerability reports from AppSec pipelines

Sandfly Security Agentless Compromise and Intrusion Detection System For Linux

⚡️ Docker official image for Wallarm Node. API security platform agent.

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

kube-scan: Octarine k8s cluster risk assessment tool

nodejsscan is a static security code scanner for Node.js applications.

Web application vulnerability scanner

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

This is the new version of dirb in python

Checklist for container security - devsecops practices

Install Kali Linux Tools & Others on your Linux.

A schema and set of tools for using SQL to query cloud infrastructure.

Scan secrets from Continuous Integration Build Logs

Tool for breaking into web applications.

The goal of this program is to quickly pull and install repos from its list

DevSecOps Toolchain

'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.

Detect Sensitive REST API communication using Deep Neural Networks

🤖 Run a Mayhem for API scan in GitHub Actions

This repository includes cloud security policies for IaC and live resources.

La intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps …

Jxnet is a Java library for capturing and sending custom network packet buffers with no copies. Jxnet wraps a native packet capture library (libpcap/winpcap/npcap) via JNI (Java Native Interface).

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

Login hunter of default credentials for administrative web interfaces leveraging NNdefaccts dataset.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.

Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.

Vilicus is an open source tool that orchestrates security scans of container images(docker/oci) and centralizes all results into a database for further analysis and metrics.

CLI to interact with Kondukto

Protect and discover secrets using Gitleaks 🔑

Tool for scan vulnerabilities in Moodle platforms

An open source, multi-cloud DevSecOps compliance checker

Deep Security's APIs make it simple to integration with a variety of AWS Services

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

Ultimate DevSecOps library