devsecops

There are 173 repositories under devsecops topic.

aquasecurity / trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
containers devsecops docker go golang hacktoberfest iac infrastructure-as-code kubernetes misconfiguration security security-tools vulnerability vulnerability-detection vulnerability-scanners
Language:Go 29734
gitleaks / gitleaks
Find secrets with Gitleaks 🔑
ai-powered ci-cd cicd cli data-loss-prevention devsecops dlp git gitleaks go golang hacktoberfest llm llm-inference llm-training nhi open-source secret security security-tools
Language:Go 23867
trufflehog
trufflesecurity / trufflehog
Find, verify, and analyze leaked credentials
credentials devsecops dynamic-analysis precommit scanning secret secret-management secrets security security-tools trufflehog verification
Language:Go 23104
Mobile-Security-Framework-MobSF
MobSF / Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security
Language:JavaScript 19751
bytebase
bytebase / bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
cicd data-masking data-security database-access dbeaver devsecops flyway gitops liquibase mongodb mysql oracle pam postgresql schema-migrations security snowflake sql-client sqlserver tidb
Language:Go 13286
prowler
prowler-cloud / prowler
Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
aws azure cis-benchmark cloud cloudsecurity compliance cspm devsecops forensics gcp gdpr hacktoberfest hardening iam multi-cloud python security security-audit security-hardening security-tools
Language:Python 12293
gravitl / netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
wireguard vpn mesh zero-trust devsecops k8s kubernetes wireguard-ui cloud security wg-quick wireguard-vpn vpn-server virtual-networking self-hosted mesh-network overlay-network ipv6-support secure-remote-access site-to-site
Language:Go 10952
bunkerweb
bunkerity / bunkerweb
🛡️ Open-source and next-generation Web Application Firewall (WAF)
antibot bunkerized-nginx cybersecurity devops devsecops dnsbl docker hardening hosting kubernetes letsencrypt modsecurity nginx reverse-proxy security security-tuning swarm waf web-application-firewall web-security
Language:Python 9355
Scanners-Box
We5ter / Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
apk-analysis binary-analysis code-analyzer devsecops exploitation-framework hacker-tools information-security malware-analysis penetration-testing pentesting-tools privacy-compliance redteam-tools security-audit security-automation smart-contracts static-analysis vulnerability-scanners wifi-hacking wifi-security
8681
firezone
firezone / firezone
Enterprise-ready zero-trust access platform built on WireGuard®.
cloud devsecops elixir elixir-lang firewall liveview network network-security networking phoenix privacy rust-lang security self-hosted virtual-network vpn vpn-server wireguard wireguard-ui wireguard-vpn
Language:Elixir 8219
steampipe
turbot / steampipe
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
aws azure cis cloud cnapp cspm devops devsecops etl gcp golang hacktoberfest kubernetes postgresql postgresql-fdw security sqlite steampipe terraform zero-etl
Language:Go 7580
tfsec
aquasecurity / tfsec
Tfsec is now part of Trivy
aws azure ci compliance devops devsecops digitalocean go google-cloud-platform hacktoberfest infrastructure-as-code linter misconfiguration scanner security static-analysis terraform terraform-security vulnerability-scanners
Language:Go 6914
sottlmarek / DevSecOps
Ultimate DevSecOps library
automation awesome awesome-list aws azure ci-cd cloud containers cybersecurity devops devsecops docker gcp k8s kubernetes security serverless ssdlc tool
6465
infobyte / faraday
Open Source Vulnerability Management Platform
appsec burpsuite collaboration continuous-scanning cve cybersecurity devops devsecops infosec nessus nmap orchestration penetration-testing pentesting security security-audit security-automation vulnerability vulnerability-management vulnerability-scanners
Language:Python 6009
kubernetes-goat
madhuakula / kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
blueteam cloud-native cloud-security cloudsecurity container container-security devsecops docker hacking infrastructure k8s kubernetes kubernetes-goat kubernetes-security owasp pentesting redteam security vulnerable-app
Language:HTML 5276
ThreatMapper
deepfence / ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
cloud-native cloudsecurity cnapp compliance containers cspm cwpp devops devsecops hacktoberfest kubernetes observability registry-scanning scanning-tool secops security-tools threat-analysis vulnerability-detection vulnerability-management vulnerability-scanners
Language:TypeScript 5194
terrascan
tenable / terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
architecture aws aws-security azure-security cloud-security cloudsecurity devops devsecops gcp-security iac infrastructure infrastructure-as-code kubernetes sast scans security security-tools security-violations terraform terrascan
Language:Go 5190
devsecops / awesome-devsecops
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
devops devsecops podcast threat-intelligence
5136
dalfox
hahwul / dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
bugbounty bugbounty-tool cicd-pipeline devsecops golang hacktoberfest security vulnerability xss xss-bruteforce xss-detection xss-exploit xss-scanner
Language:Go 4668
DefectDojo / django-DefectDojo
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
analytics appsec automation devsecops django hacktoberfest kubernetes owasp python security security-automation security-orchestration vulnerability-correlation vulnerability-databases vulnerability-management
Language:HTML 4340
dependency-track
DependencyTrack / dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca bill-of-materials package-url purl vulnerability-detection ossindex sbom devsecops security-automation cyclonedx hacktoberfest
Language:Java 3349
deepfence / SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
scanning-tool secret-keys secrets-management infosectools vulnerability-scanners k8s containers kubernetes secrets docker security-tools security password secrets-detection devsecops hacktoberfest
Language:Go 3233
ContainerSSH
ContainerSSH / ContainerSSH
ContainerSSH: Launch containers on demand
containers devsecops docker kubernetes security security-tools ssh
Language:Go 2933
baidu / openrasp
🔥Open source RASP solution
waf devsecops security iast rasp
Language:C++ 2919
ajinabraham / nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
javascript nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node node-security nodejsscan lint
Language:CSS 2520
Checkmarx / kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners
Language:Open Policy Agent 2502
bearer
Bearer / bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
appsec code-quality compliance dataflow devsecops devsecops-tools gdpr owasp privacy sast security security-audit security-automation security-scanner security-tools static-analysis static-code-analysis vulnerabilities vulnerability
Language:Go 2457
archerysec / archerysec
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
vulnerability-assessment vulnerabilities scanning pentesting vulnerability-management opensource pentesters secdevops devops devops-tools devsecops asoc aspm
Language:JavaScript 2415
joseadanof / awesome-cloudnative-trainings
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
cloud-native cncf containers continuous-learning devops devsecops istio k8s kubernetes linux-foundation service-mesh
2264
dynamic-devops-roadmap
DevOpsHiveHQ / dynamic-devops-roadmap
A FREE pragmatic DevOps learning to kickstart your DevOps career and knowledge in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
agile bootcamp career cloud devops devsecops mentorship roadmap sre
Language:TypeScript 2220
noseyparker
praetorian-inc / noseyparker
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
credentials devsecops penetration-testing rust scanner security security-tools secrets secrets-detection noseyparker
Language:Rust 2160
cicd-goat
cider-security-research / cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
appsec cicd ctf devops devsecops gitlab infosec jenkins security
Language:Python 2155
DevSecOps
hahwul / DevSecOps
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
awesome-list collections devops devsecops hacktoberfest roadmap security tools
Language:Just 2031
DevSecOps-Playbook
6mile / DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
devsecops playbook security
2014
safety
pyupio / safety
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
cicd dependency-management devsecops open-source-security package-management python security security-vulnerability travis vulnerability-detection vulnerability-scanners
Language:Python 1915
GitGuardian / ggshield
Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.
devsecops security credentials apikey key code leak scanning precommit secrets-detection secrets-management
Language:Python 1866