devsecops

There are 151 repositories under devsecops topic.

aquasecurity / trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
containers devsecops docker go golang hacktoberfest iac infrastructure-as-code kubernetes misconfiguration security security-tools vulnerability vulnerability-detection vulnerability-scanners
Language:Go 24087
gitleaks / gitleaks
Find secrets with Gitleaks 🔑
devsecops git gitleaks go golang hacktoberfest secret security security-tools
Language:Go 18191
Mobile-Security-Framework-MobSF
MobSF / Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing web-security malware-analysis runtime-security devsecops apk rest cwe owasp mstg masvs mastg
Language:JavaScript 17751
trufflehog
trufflesecurity / trufflehog
Find, verify, and analyze leaked credentials
secret trufflehog credentials security devsecops dynamic-analysis security-tools secrets verification hacktoberfest secret-management precommit scanning
Language:Go 17638
bytebase
bytebase / bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
mysql tidb postgresql snowflake cicd sql-client oracle sqlserver schema-migrations gitops flyway liquibase devsecops data-masking data-security security dbeaver database-access jumpserver pam
Language:Go 11638
prowler
prowler-cloud / prowler
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
security security-tools security-audit security-hardening hardening aws cis-benchmark compliance gdpr forensics cloud well-architected devsecops azure iam python gcp multi-cloud saas cspm
Language:Python 10974
gravitl / netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
wireguard virtual-network vpn mesh zero-trust devsecops networking network k8s kubernetes wireguard-ui cloud security wg-quick wireguard-vpn vpn-server virtual-networking self-hosted mesh-network overlay-network
Language:Go 9607
Scanners-Box
We5ter / Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
pentesting-tools hacker-tools vulnerability-scanners information-security redteam-tools penetration-testing devsecops security-automation smart-contracts privacy-compliance apk-analysis binary-analysis exploitation-framework malware-analysis security-audit code-analyzer static-analysis wifi-hacking wifi-security
8335
bunkerweb
bunkerity / bunkerweb
🛡️ Open-source and next-generation Web Application Firewall (WAF)
nginx modsecurity docker security dnsbl reverse-proxy bunkerized-nginx hardening web-security security-tuning cybersecurity devsecops antibot letsencrypt swarm kubernetes devops hosting waf web-application-firewall
Language:Python 7098
steampipe
turbot / steampipe
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
steampipe postgresql postgresql-fdw cloud security aws azure cis cnapp cspm devops devsecops gcp golang kubernetes terraform etl sqlite zero-etl hacktoberfest
Language:Go 7085
firezone
firezone / firezone
Enterprise-ready zero-trust access platform built on WireGuard®.
cloud devsecops elixir elixir-lang firewall liveview network network-security networking phoenix privacy rust-lang security self-hosted virtual-network vpn vpn-server wireguard wireguard-ui wireguard-vpn
Language:Elixir 6910
tfsec
aquasecurity / tfsec
Tfsec is now part of Trivy
terraform security scanner static-analysis ci aws azure google-cloud-platform compliance infrastructure-as-code devsecops vulnerability-scanners misconfiguration digitalocean devops linter go terraform-security hacktoberfest
Language:Go 6738
sottlmarek / DevSecOps
Ultimate DevSecOps library
security devops devsecops cloud tool aws k8s docker awesome-list azure gcp kubernetes ssdlc awesome cybersecurity serverless ci-cd automation containers
5812
infobyte / faraday
Open Source Vulnerability Management Platform
devops penetration-testing vulnerability vulnerability-scanners security security-audit pentesting continuous-scanning infosec vulnerability-management collaboration burpsuite nessus nmap devsecops security-automation orchestration cve appsec cybersecurity
Language:Python 5092
ThreatMapper
deepfence / ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
cloud-native vulnerability-management threat-analysis devsecops secops registry-scanning security-tools cwpp observability cloudsecurity vulnerability-scanners vulnerability-detection scanning-tool cnapp compliance containers cspm devops kubernetes hacktoberfest
Language:TypeScript 4865
terrascan
tenable / terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
architecture aws aws-security azure-security cloud-security cloudsecurity devops devsecops gcp-security iac infrastructure infrastructure-as-code kubernetes sast scans security security-tools security-violations terraform terrascan
Language:Go 4785
devsecops / awesome-devsecops
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
devsecops threat-intelligence devops podcast
4673
kubernetes-goat
madhuakula / kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
kubernetes vulnerable-app security hacking pentesting infrastructure cloud-security docker container kubernetes-goat devsecops cloudsecurity kubernetes-security container-security owasp cloud-native k8s blueteam redteam
Language:HTML 4551
dalfox
hahwul / dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
xss security bugbounty bugbounty-tool golang xss-scanner devsecops cicd-pipeline vulnerability xss-detection xss-bruteforce xss-exploit hacktoberfest
Language:Go 3829
DefectDojo / django-DefectDojo
DevSecOps, ASPM, Vulnerability Management. All on one platform.
python vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration devsecops vulnerability-correlation kubernetes hacktoberfest appsec
Language:HTML 3765
deepfence / SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
containers devsecops docker hacktoberfest infosectools k8s kubernetes password scanning-tool secret-keys secrets secrets-detection secrets-management security security-tools vulnerability-scanners
Language:Go 3147
baidu / openrasp
🔥Open source RASP solution
waf devsecops security iast rasp
Language:C++ 2808
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx hacktoberfest
Language:Java 2747
ContainerSSH
ContainerSSH / ContainerSSH
ContainerSSH: Launch containers on demand
docker ssh containers kubernetes security-tools devsecops security
Language:Go 2727
ajinabraham / nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
javascript nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node node-security nodejsscan lint
Language:CSS 2408
archerysec / archerysec
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
vulnerability-assessment vulnerabilities scanning pentesting vulnerability-management opensource pentesters secdevops devops devops-tools devsecops asoc aspm
Language:JavaScript 2299
Checkmarx / kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
iac infrastructure-as-code security appsec cloudnative hacktoberfest devsecops golang security-tools vulnerability-detection vulnerability-scanners open-policy-agent
Language:Open Policy Agent 2122
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast static-code-analysis vulnerability security-audit security-scanner vulnerabilities code-quality static-analysis security-automation owasp
Language:Go 2114
cicd-goat
cider-security-research / cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
appsec cicd devops infosec devsecops security jenkins ctf gitlab
Language:Python 1970
DevSecOps-Playbook
6mile / DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
devsecops security playbook
1925
DevSecOps
hahwul / DevSecOps
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
devsecops devops roadmap security awesome-list collections tools
Language:Go 1825
safety
pyupio / safety
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
python security security-vulnerability travis vulnerability-scanners vulnerability-detection cicd dependency-management devsecops open-source-security package-management
Language:Python 1759
joseadanof / awesome-cloudnative-trainings
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
cloud-native cncf containers continuous-learning devops devsecops istio k8s kubernetes linux-foundation service-mesh
1754
noseyparker
praetorian-inc / noseyparker
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
credentials devsecops penetration-testing rust scanner security security-tools secrets secrets-detection
Language:Rust 1720
GitGuardian / ggshield
Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
devsecops security credentials apikey key code leak scanning precommit secrets-detection secrets-management iac iac-security infrastructure-as-code
Language:Python 1696
dynamic-devops-roadmap
DevOpsHiveHQ / dynamic-devops-roadmap
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
agile career devops devsecops mentorship roadmap bootcamp cloud sre
Language:TypeScript 1616