devsecops

There are 134 repositories under devsecops topic.

aquasecurity / trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
security security-tools docker containers vulnerability-scanners vulnerability-detection vulnerability golang go kubernetes hacktoberfest devsecops misconfiguration infrastructure-as-code iac
Language:Go 21554
Mobile-Security-Framework-MobSF
MobSF / Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing web-security malware-analysis runtime-security devsecops apk rest cwe owasp mstg masvs mastg
Language:JavaScript 16414
gitleaks / gitleaks
Protect and discover secrets using Gitleaks 🔑
security security-tools git golang go secret gitleaks devsecops hacktoberfest
Language:Go 15360
trufflehog
trufflesecurity / trufflehog
Find and verify secrets
secret trufflehog credentials security devsecops dynamic-analysis security-tools secrets verification hacktoberfest secret-management precommit scanning
Language:Go 14009
prowler
prowler-cloud / prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
security security-tools security-audit security-hardening hardening aws cis-benchmark compliance gdpr forensics cloud well-architected devsecops azure iam python gcp multi-cloud
Language:Python 9636
gravitl / netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
wireguard virtual-network vpn mesh zero-trust devsecops networking network k8s kubernetes wireguard-ui cloud security wg-quick wireguard-vpn vpn-server virtual-networking self-hosted
Language:Go 9006
Scanners-Box
We5ter / Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
pentesting-tools hacker-tools vulnerability-scanners information-security redteam-tools penetration-testing devsecops security-automation smart-contracts privacy-compliance apk-analysis binary-analysis exploitation-framework malware-analysis security-audit code-analyzer static-analysis wifi-hacking wifi-security
8009
tfsec
aquasecurity / tfsec
Security scanner for your Terraform code
terraform security scanner static-analysis ci aws azure google-cloud-platform compliance infrastructure-as-code devsecops vulnerability-scanners misconfiguration digitalocean devops linter go terraform-security hacktoberfest
Language:Go 6582
steampipe
turbot / steampipe
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
aws azure cis cloud cnapp cspm devops devsecops etl gcp golang kubernetes postgresql postgresql-fdw security sql sqlite steampipe terraform zero-etl
Language:Go 6454
firezone
firezone / firezone
WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
cloud vpn firewall security wireguard wireguard-vpn wireguard-ui vpn-server network-security self-hosted virtual-network network networking devsecops privacy elixir elixir-lang rust-lang liveview phoenix
Language:Elixir 6262
sottlmarek / DevSecOps
Ultimate DevSecOps library
security devops devsecops cloud tool aws k8s docker awesome-list azure gcp kubernetes ssdlc awesome cybersecurity serverless ci-cd automation containers
5311
ThreatMapper
deepfence / ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
cloud-native vulnerability-management threat-analysis devsecops secops registry-scanning security-tools cwpp observability cloudsecurity vulnerability-scanners vulnerability-detection scanning-tool cnapp compliance containers cspm devops kubernetes hacktoberfest
Language:TypeScript 4651
infobyte / faraday
Open Source Vulnerability Management Platform
devops penetration-testing vulnerability vulnerability-scanners security security-audit pentesting continuous-scanning infosec vulnerability-management collaboration burpsuite nessus nmap devsecops security-automation orchestration cve appsec cybersecurity
Language:Python 4638
terrascan
tenable / terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
security-tools infrastructure-as-code devsecops devops security terraform aws cloudsecurity cloud-security terrascan infrastructure security-violations architecture kubernetes iac sast azure-security aws-security gcp-security scans
Language:Go 4529
devsecops / awesome-devsecops
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
devsecops threat-intelligence devops podcast
4415
kubernetes-goat
madhuakula / kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
kubernetes vulnerable-app security hacking pentesting infrastructure cloud-security docker container kubernetes-goat devsecops cloudsecurity kubernetes-security container-security owasp cloud-native k8s blueteam redteam
Language:HTML 3995
bunkerweb
bunkerity / bunkerweb
🛡️ Make your web services secure by default !
nginx modsecurity docker security dnsbl reverse-proxy bunkerized-nginx hardening web-security security-tuning cybersecurity devsecops antibot letsencrypt swarm kubernetes devops hosting waf web-application-firewall
Language:Python 3515
DefectDojo / django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management
Language:HTML 3427
dalfox
hahwul / dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
xss security bugbounty bugbounty-tool golang xss-scanner devsecops cicd-pipeline vulnerability xss-detection xss-bruteforce xss-exploit
Language:Go 3330
deepfence / SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
scanning-tool secret-keys secrets-management infosectools vulnerability-scanners k8s containers kubernetes secrets docker security-tools security password secrets-detection devsecops hacktoberfest
Language:Go 2964
baidu / openrasp
🔥Open source RASP solution
waf devsecops security iast rasp
Language:C++ 2704
ContainerSSH
ContainerSSH / ContainerSSH
ContainerSSH: Launch containers on demand
containers devsecops docker kubernetes security security-tools ssh
Language:Go 2582
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials vulndb package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx
Language:Java 2355
ajinabraham / nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
javascript nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node node-security nodejsscan lint
Language:CSS 2329
archerysec / archerysec
Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
vulnerability-assessment vulnerabilities scanning pentesting vulnerability-management opensource pentesters secdevops devops devops-tools devsecops
Language:JavaScript 2206
Checkmarx / kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
iac infrastructure-as-code security appsec cloudnative hacktoberfest devsecops golang security-tools vulnerability-detection vulnerability-scanners open-policy-agent
Language:Open Policy Agent 1914
cicd-goat
cider-security-research / cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
appsec cicd ctf devops devsecops gitlab infosec jenkins security
Language:Python 1818
DevSecOps-Playbook
6mile / DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
devsecops security playbook
1813
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 1772
DevSecOps
hahwul / DevSecOps
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
devsecops devops roadmap security awesome-list collections tools
Language:Go 1643
joseadanof / awesome-cloudnative-trainings
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
cloud-native cncf containers continuous-learning devops devsecops istio k8s kubernetes linux-foundation service-mesh
1558
GitGuardian / ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
devsecops security credentials apikey key code leak scanning precommit secrets-detection secrets-management iac iac-security infrastructure-as-code
Language:Python 1534
noseyparker
praetorian-inc / noseyparker
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
credentials devsecops penetration-testing rust scanner security security-tools secrets secrets-detection
Language:Rust 1517
krol3 / container-security-checklist
Checklist for container security - devsecops practices
containers devsecops security
1474
lunasec-io / lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
compliance continuous-delivery cve-scanning cybersecurity dependency-analysis devsecops gdpr log4shell pci-dss sbom sbom-generator scanning scanning-tool security security-tools soc2 software-composition-analysis tokenization web-security zero-trust
Language:TypeScript 1410
ASTTeam / CodeQL
《深入理解CodeQL》Finding vulnerabilities with CodeQL.
0e0w codeql codeql-queries devsecops hackaspx hackgolang hackjava javasec learning-codeql ql sast semmle-ql
1347