There are 134 repositories under the devsecops topic.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Find and verify secrets
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed by security industry practitioners
Security scanner for your Terraform code
Ultimate DevSecOps library
Open Source Cloud Native Application Protection Platform (CNAPP)
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Find secrets and passwords in container images and file systems
ContainerSSH: Launch containers on demand
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
nodejsscan is a static security code scanner for Node.js applications.
Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
This is a step-by-step guide to implementing a DevSecOps program for any size organization
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Checklist for container security - devsecops practices
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/