Scancode Toolkit: 🔎 ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.
Stars: ✭ 1,134 (+4830.43%)
Cli: a lightweight, security focused, BDD test framework against terraform.
Stars: ✭ 918 (+3891.3%)
Databunker: Secure storage for personal records built to comply with GDPR
Stars: ✭ 122 (+430.43%)
Datadefender: Sensitive Data Management: Data Discovery and Anonymization toolkit
Stars: ✭ 79 (+243.48%)
Speedle: Speedle is an open source project for access control.
Stars: ✭ 153 (+565.22%)
Sudo pair: Plugin for sudo that requires another human to approve and monitor privileged sudo sessions
Stars: ✭ 1,077 (+4582.61%)
Opa: An open source, general-purpose policy engine.
Stars: ✭ 5,939 (+25721.74%)
Information Security Tasks: This repository is created only for infosec professionals who work on a day-to-day basis to equip ourselves with an up-to-date skillset. We can contribute one hour daily for day-to-day tasks and work on problem statements daily. Please contribute by providing problem statements and solutions
Stars: ✭ 108 (+369.57%)
Rudder: Continuous Auditing & Configuration
Stars: ✭ 314 (+1265.22%)
Wazuh: Wazuh - The Open Source Security Platform
Stars: ✭ 3,154 (+13613.04%)
Tfsec: Security scanner for your Terraform code
Stars: ✭ 3,622 (+15647.83%)
Terraform Security Scan: Run a security scan on your terraform with the very nice https://github.com/liamg/tfsec
Stars: ✭ 64 (+178.26%)
Todogroup.org: The group for companies that run open source programs
Stars: ✭ 144 (+526.09%)
Panther: Detect threats with log data and improve cloud security posture
Stars: ✭ 885 (+3747.83%)
cis benchmarks audit: Simple command line tool to check for compliance against CIS Benchmarks
Stars: ✭ 182 (+691.3%)
Simp Core: The base SIMP build repository
Stars: ✭ 111 (+382.61%)
Ort: A suite of tools to assist with reviewing Open Source Software dependencies.
Stars: ✭ 446 (+1839.13%)
Wazuh Docker: Wazuh - Docker containers
Stars: ✭ 213 (+826.09%)
Cloud Custodian: Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
Stars: ✭ 3,926 (+16969.57%)
Qa Checks V4: PowerShell scripts to ensure consistent and reliable build quality and configuration for your servers
Stars: ✭ 94 (+308.7%)
Windows Secure Host Baseline: Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
Stars: ✭ 1,288 (+5500%)
Prowler: Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, ISO27001, GDPR, HIPAA, SOC2, ENS and other security frameworks.
Stars: ✭ 4,561 (+19730.43%)
Opa Envoy Plugin: A plugin to enforce OPA policies with Envoy
Stars: ✭ 185 (+704.35%)
Content: Security automation content in SCAP, OSCAL, Bash, Ansible, and other formats
Stars: ✭ 1,219 (+5200%)
prowler: Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+34882.61%)
Server Qa Checks: A bunch of QA checks to run against one or more servers to make sure they are built to a specific standard.
Stars: ✭ 72 (+213.04%)
Dockerspec: A small Ruby Gem to run RSpec and Serverspec, Infrataster and Capybara tests against Dockerfiles or Docker images easily.
Stars: ✭ 181 (+686.96%)
Lynis: Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
Stars: ✭ 9,137 (+39626.09%)
lunasec: LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+5382.61%)
Inspec tools: A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results and data
Stars: ✭ 65 (+182.61%)
Immudb: immudb - world’s fastest immutable database, built on a zero trust model
Stars: ✭ 3,743 (+16173.91%)
Internet.nl: Internet standards compliance test suite
Stars: ✭ 56 (+143.48%)
Dns Violations: List of DNS violations by implementations, software and/or systems
Stars: ✭ 216 (+839.13%)
Gdpr Tracker: A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Stars: ✭ 142 (+517.39%)
Wazuh Chef: Wazuh - Chef cookbooks
Stars: ✭ 9 (-60.87%)
client-go-examples: Collection of mini-programs demonstrating Kubernetes client-go usage.
Stars: ✭ 722 (+3039.13%)
Openscap: NIST Certified SCAP 1.2 toolkit
Stars: ✭ 750 (+3160.87%)
Kubeconform: A FAST Kubernetes manifests validator, with support for Custom Resources!
Stars: ✭ 111 (+382.61%)
Comply: Compliance automation framework, focused on SOC2
Stars: ✭ 596 (+2491.3%)
Tern: Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBoM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Stars: ✭ 505 (+2095.65%)
Fossology: FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
Stars: ✭ 440 (+1813.04%)
dep-scan: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!
Stars: ✭ 346 (+1404.35%)
Macos security: macOS Security Compliance Project
Stars: ✭ 348 (+1413.04%)
Siac: SIAC is an enterprise SIEM built on open-source technology.
Stars: ✭ 100 (+334.78%)
Ossec Hids: OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Stars: ✭ 3,580 (+15465.22%)
Inspec: InSpec: Auditing and Testing Framework
Stars: ✭ 2,450 (+10552.17%)
Netshot: Network Configuration and Compliance Management
Stars: ✭ 91 (+295.65%)
rbac-tool: Rapid7 | insightCloudSec | Kubernetes RBAC Power Toys - Visualize, Analyze, Generate & Query
Stars: ✭ 546 (+2273.91%)
kraph: Go module for scraping APIs to graphs
Stars: ✭ 12 (-47.83%)
Checkov: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
Stars: ✭ 3,572 (+15430.43%)
Cloudquery: cloudquery transforms your cloud infrastructure into SQL or Graph database for easy monitoring, governance and security.
Stars: ✭ 1,300 (+5552.17%)