4946 Open source projects that are alternatives of or similar to Securecodebox

DefectDojo is an open-source application vulnerability correlation and security orchestration tool.

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

Web application vulnerability scanner

Performing security tests inside your CI

🔎 shodansploit > v1.3.0

All-in-one tool for managing vulnerability reports from AppSec pipelines

File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

HackerOne "in scope" domains

Dashboard to collect, analyze, and respond to reported phishing emails.

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

memory search and patch tool on debuggable apk without root & ndk

Fuzz your Rust code with Google-developed Honggfuzz !

安全编排与自动化响应平台

Shuffle: A general purpose security automation platform platform. We focus on accessibility for all.

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Kubernetes Universal Declarative Operator (KUDO)

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

A command-line tool to get valuable information out of AWS CloudTrail

Automated NoSQL database enumeration and web application exploitation tool.

Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale

The OWASP ZAP Heads Up Display (HUD)

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

NebulousAD automated credential auditing tool.

Custom memory allocator that helps discover reads from uninitialized memory

ContainerSSH: Launch containers on demand

njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.

Awesome Java Security Resources 🕶☕🔐

GitGuardian Shield GitHub Action - Find exposed credentials in your commits

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

DeimosC2 is a Golang command and control framework for post-exploitation.

This is the official main repository for the Assimilation project

OWASP ZAP Add-ons

🤖 The Modern Port Scanner 🤖

Kubernetes Operator for OpenTelemetry Collector

The OWASP ZAP core project

A Kubernetes Operator for Percona XtraDB Cluster

Deploy, update, and stage your WAFs while managing them centrally via FMS.

Vulnerability assessment and penetration testing automation and reporting platform for teams.

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

Java SDK for building Kubernetes Operators

Security scanner for your Terraform code

Curating the best DevSecOps resources and tooling.

Mixeway is security orchestrator for vulnerability scanners which enable easy plug in integration with CICD pipelines. MixewayHub project contain one click docker-compose file which configure and run images from docker hub.

Capture-the-Flag (CTF) environment setup tools for OWASP Juice Shop

Improve your code security by running different security checks/validation in a simple way.

Collection of Kubernetes Operators built with KUDO.

This script is designed to help expedite a web application assessment by automating some of the assessment steps (e.g., running nmap, sublist3r, metasploit, etc.)

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

All that is required to run MobSF in the ci

Plugin to block compilation when unapproved dependencies are used or code styling does not comply.

This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.

Helps you continuously monitor and fix common security vulnerabilities in your Django application.

SIde-Channel Analysis toolKit: embedded security evaluation tools

YARA malware query accelerator (web frontend)

Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats