devsecops

There are 75 repositories under devsecops topic.

• aquasecurity / trivy

  Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets

  securitysecurity-toolsdockercontainersvulnerability-scannersvulnerability-detectionvulnerabilitygolanggokuberneteshacktoberfestdevsecopsmisconfigurationinfrastructure-as-codeiac
  Language:Go 13258
• Mobile-Security-Framework-MobSF

  MobSF / Mobile-Security-Framework-MobSF

  Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  static-analysisdynamic-analysispythonmobsfandroid-securitymobile-securitywindows-mobile-securityios-securitymobile-security-frameworkapi-testingweb-securitymalware-analysisruntime-securitydevsecopsapkrestcweowaspmstgmasvs
  Language:JavaScript 11850

• zricethezav / gitleaks

  Protect and discover secrets using Gitleaks 🔑

  devsecopsgitgitleaksgogolangsecretsecuritysecurity-tools
  Language:Go 10446
• Scanners-Box

  We5ter / Scanners-Box

  A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

  pentesting-toolshacker-toolsvulnerability-scannersinformation-securityredteam-toolspenetration-testingdevsecopssecurity-automationsmart-contractsprivacy-complianceapk-analysisbinary-analysisexploitation-frameworkmalware-analysissecurity-auditcode-analyzerstatic-analysiswifi-hackingwifi-security
  6589
• prowler

  prowler-cloud / prowler

  Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 240 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

  securitysecurity-toolssecurity-auditsecurity-hardeningcloudtrailhardeningaws-cliawscis-benchmarkassessmentaws-auditingcompliancegdprhipaacisforensicscloudwell-architecteddevsecopshacktoberfest
  Language:Shell 6414
• tfsec

  aquasecurity / tfsec

  Security scanner for your Terraform code

  terraformsecurityscannerstatic-analysisciawsazuregoogle-cloud-platformcomplianceinfrastructure-as-codedevsecopsvulnerability-scannersmisconfigurationdigitaloceandevopslintergoterraform-security
  Language:Go 4893

• gravitl / netmaker

  Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

  clouddevsecopsgolangk8skubernetesmeshmesh-networksnetmakernetworknetworkingopenvpnsecurityvirtual-networkvpnwg-quickwireguardwireguard-uizero-configurationzero-trustzero-trust-network
  Language:Go 4684

• bridgecrewio / checkov

  Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

  terraformstatic-analysisawsgcpazureaws-securityazure-securitygcp-securitycloudformationscanscompliancekuberneteskubernetes-securitydevsecopspolicy-as-codeinfrastructure-as-codedevopsterraform-securityhacktoberfestbicep
  Language:Python 4522

• infobyte / faraday

  Open Source Vulnerability Management Platform

  devopspenetration-testingvulnerabilityvulnerability-scannerssecuritysecurity-auditpentestingcontinuous-scanninginfosecvulnerability-managementcollaborationburpsuitenessusnmapdevsecopssecurity-automationorchestrationcveappseccybersecurity
  Language:Python 3430
• terrascan

  tenable / terrascan

  Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  security-toolsinfrastructure-as-codedevsecopsdevopssecurityterraformawscloudsecuritycloud-securityterrascaninfrastructuresecurity-violationsarchitecturekubernetesiacsastazure-securityaws-securitygcp-securityscans
  Language:Go 3225

• sottlmarek / DevSecOps

  Ultimate DevSecOps library

  securitydevopsdevsecopscloudtoolawsk8sdockerawesome-listazuregcpkubernetesssdlcawesomecybersecurityserverlessci-cdautomationcontainers
  3207

• devsecops / awesome-devsecops

  An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

  devsecopsthreat-intelligencedevopspodcast
  3116
• kubernetes-goat

  madhuakula / kubernetes-goat

  Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

  cloud-nativecloud-securitycloudsecuritycontainercontainer-securitydevsecopsdockerhackinghelminfrastructurekuberneteskubernetes-goatkubernetes-securitymicroservicesowasppentestingsecurityvulnerable-app
  Language:HTML 2663
• bunkerweb

  bunkerity / bunkerweb

  🛡️ Make your web services secure by default !

  nginxclamavmodsecuritydockersecuritydnsblcrowdsecreverse-proxybunkerized-nginxhardeningweb-securitysecurity-tuningcybersecuritydevsecopsantibotletsencryptswarmkubernetesdevopshosting
  Language:Python 2614
• firezone

  firezone / firezone

  WireGuard®-based VPN server and firewall

  cloudvpnfirewallsecuritywireguardwireguard-vpnwireguard-uivpn-servernetwork-securityself-hostedvirtual-networknetworknetworkingdevsecopswg-easywg-quick
  Language:Elixir 2611

• DefectDojo / django-DefectDojo

  DefectDojo is a DevSecOps and vulnerability management tool.

  pythonvulnerability-databasesdjangosecurityowaspanalyticsvulnerability-managementautomationsecurity-automationsecurity-orchestrationdevsecopsvulnerability-correlationkuberneteshacktoberfestappsec
  Language:HTML 2295

• baidu / openrasp

  🔥Open source RASP solution

  wafdevsecopssecurityiastrasp
  Language:C++ 2265

• ajinabraham / nodejsscan

  nodejsscan is a static security code scanner for Node.js applications.

  javascriptnodejsstatic-analysissecuritysecurity-scannersastdevsecopscode-analysiscode-reviewnodenode-securitynodejsscanlint
  Language:CSS 2006

• archerysec / archerysec

  Centralize Vulnerability Assessment and Management for DevSecOps Team

  vulnerability-assessmentvulnerabilitiesscanningpentestingvulnerability-managementopensourcepentesterssecdevopsdevopsdevops-toolsdevsecops
  Language:Python 1958
• dalfox

  hahwul / dalfox

  🌙🦊 DalFox is an powerful open source XSS scanning tool and parameter analyzer, utility

  xsssecuritybugbountybugbounty-toolgolangxss-scannerdevsecopscicd-pipelinevulnerabilityxss-detectionxss-bruteforcexss-exploit
  Language:Go 1936
• ThreatMapper

  deepfence / ThreatMapper

  🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥

  cloud-nativeserverlessvulnerability-managementthreat-analysisdevsecopssecopsregistry-scanningvulnerability-scanningsecurity-toolssecurity-vulnerabilitylog4j2cwppobservabilitycloudsecurityvulnerability-scannersvulnerability-detectionvulnerability-assessmentscanning-tool
  Language:JavaScript 1835

• deepfence / SecretScanner

  :unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

  scanning-toolsecret-keyssecrets-managementinfosectoolsvulnerability-scannersk8scontainerskubernetessecretsdockersecurity-toolssecuritypasswordsecrets-detectiondevsecops
  Language:Go 1386
• dependency-track

  DependencyTrack / dependency-track

  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

  owaspappsecsecuritybomvulnerabilitiescomponent-analysisnvdsoftware-securitysoftware-composition-analysisscabill-of-materialsvulndbpackage-urlpurlvulnerability-detectionossindexsbomdevsecopssecurity-automationcyclonedx
  Language:Java 1268

• lunasec-io / lunasec

  LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/

  compliancecve-scanningcybersecuritydependency-analysisdevsecopsgdprhardeninglog4shellpci-dssprivacy-by-designsbomsbom-generatorscanningscanning-toolsecuritysecurity-toolssoc2tokenizationweb-securityzero-trust
  Language:TypeScript 1137

• GitGuardian / ggshield

  Detect secrets in source code, scan git repos, and use pre commit hooks to prevent API key leaks.

  devsecopssecretsecuritycredentialsapiapikeykeycodedetectionleakscanningprecommitshiftleft
  Language:Python 1075

• krol3 / container-security-checklist

  Checklist for container security - devsecops practices

  containersdevsecopssecurity
  960

• ahmedtariq01 / Cloud-DevOps-Learning-Resources

  This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.

  ansibleawsazuredevopsgcpjenkinsbooksdockerkubernetesnotesazure-devopsterraformdevops-toolslinuxmulticloudcloudcomputingcloudsecuritycicddevsecopscontainers
  949

• ajinabraham / CMSScan

  CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

  wordpressdrupaljoomlavbulletinsecurityautomationdevsecopssecurity-dashboard
  Language:CSS 872
• DevSecOps-Playbook

  6mile / DevSecOps-Playbook

  This is a step-by-step guide to implementing a DevSecOps program for any size organization

  devsecopssecurityplaybook
  842
• cicd-goat

  cider-security-research / cicd-goat

  A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

  appseccicdctfdevopsdevsecopsinfosecjenkinssecurity
  Language:Python 813

• guardrailsio / awesome-php-security

  Awesome PHP Security Resources 🕶🐘🔐

  phpsecuritysecurity-toolsapplication-securitydevsecopsawesome-listawesome
  804

• bridgecrewio / terragoat

  TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

  terraformaws-securitycloud-securitygoatazure-securitygcp-securitydevsecops
  Language:HCL 780
• awesome-threat-modelling

  hysnsec / awesome-threat-modelling

  A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

  threat-modelingpractical-devsecopssecurity-reviewdevsecops-universityappsecdevsecopsawesomeawesome-list
  Language:Dockerfile 726
• kube-scan

  octarinesec / kube-scan

  kube-scan: Octarine k8s cluster risk assessment tool

  k8ssecurity-toolssecurity-scannersecurity-auditsecuritydevopsdevsecopskubernetescloud-nativesecurity-scanners
  Language:Go 715

• XmirrorSecurity / OpenSCA-cli

  OpenSCA is a Software Composition Analysis (SCA) solution that supports detection of open source component dependencies and vulnerabilities.

  scadevsecopsopenscasecurity
  Language:Go 683
• awesome-devsecops

  TaptuIT / awesome-devsecops

  Curating the best DevSecOps resources and tooling.

  application-securitydevopsdevsecopssecure-software-developmentawesome-listawesomehacktoberfest
  645