tohch4

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

oscaljs

A proof of concept of building OSCAL utility classes using the official NIST OSCAL JSON Schema.

ars-machine-readable

Publish a machine readable version of the ARS standards to facilitate compliance as code efforts.

AWS-DevSecOps-Factory

Sample DevSecOps pipelines (heavily biased on the "Sec") for various stacks and tools using open-source security tools and AWS native services

bad-converter-app

A temp conversion sample app with a twist, it will steal your creds1

checkov

Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

cms-ars-3.1-manual-controls-baseline

cms-ars-3.1-manual-controls-baseline-1

InSpec profile baseline to automate manual controls of CMS ARS 3.1, validating any/all of its 489 security controls.

compliance-io

Python library for reading/writing compliance as code

CUB

docsy-example

An example documentation site using the Docsy Hugo theme

inspec

InSpec: Auditing and Testing Framework

inspec-vault

An InSpec input source plugin for HashiCorp Vault

js-releases

Download packages from releases.hashicorp.com

katacoda-scenarios

Katacoda Scenarios

malicious-pdf

Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator

oh-no-know-ato

A collection of ideas information about RMF practice for modern service delivery (I think).

packer-windows10

A Packer build for Windows 10

pinty

Operate and manipulate physical quantities in Python

pymetaschema

An experimental library for Python 3.x to generate classes that operate with Metaschema schemas.

saxon.he

A mirror of the git repository for the Saxon Home Edition XML engine and XSLT processor.

security-stack-mappings

This project empowers defenders with independent data on which native security controls of leading technology platforms are most useful in defending against the adversary TTPs they care about.

Serverless-Workshop

Serverless Workshop

setup-compliance-masonry

A prototype integration with OpenControl compliance-masonry tool wiithin the Github Actions ecosystem.

setup-terraform

Sets up Terraform CLI in your GitHub Actions workflow.

ssp-toolkit

Automate the creation of a System Security Plan (SSP)

terraform-examples

Terraform samples for all the major clouds you can copy and paste. The future, co-created.

threat-model-cookbook

This project is about creating and publishing threat model examples.

tmdl

An attempt at creating a unifying Threat Model Definition Language using a declarative syntax with cuelang

websec-check

web security checklist for Firefox Services