ykosaraju

deadshot

Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository

gordon

Gordon is status check Github app to enforce and validate about.yaml file specifications in a repository during pull requests to drive code ownership at scale within an organization

awesome-k8s-security

A curated list for Awesome Kubernetes Security resources

rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

vulhub

Pre-Built Vulnerable Environments Based on Docker-Compose

community

Kubernetes community content

my-arsenal-of-aws-security-tools

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

IPRotate_Burp_Extension

Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.

team_outings

90+ Team Outings That Aren't Centered Around Drinking

cloudgoat

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

distroless

🥑 Language focused docker images, minus the operating system.

BurpJSLinkFinder

Burp Extension for a passive scanning JS files for endpoint links.

contained.af

A stupid game for learning about containers, capabilities, and syscalls.

sipvicious

SIPVicious OSS is a VoIP security testing toolset. It helps security teams, QA and developers test SIP-based VoIP systems and applications. This toolset is useful in simulating VoIP hacking attacks against PBX systems especially through identification, scanning, extension enumeration and password cracking.

bane

Custom & better AppArmor profile generator for Docker containers.

kube-hunter

Hunt for security weaknesses in Kubernetes clusters

jenkins-course

This is the repository with all the resources for the Jenkins training on Udemy

dca-prep-guide

Docker Certification Associate preparation guide - a list of resources to help you prepare for a successful certification

dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities

awesome-container-security

Awesome list of resources related to container security

kubernetes-workshops

owasp-threat-dragon

An open source, online threat modelling tool from OWASP

clair

Vulnerability Static Analysis for Containers

kube-bench

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

k8s-workshop

Fairwinds k8s-workshop

awesome-sec-talks

A collected list of awesome security talks

static-analysis

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

awesome-pentest-cheat-sheets

Collection of the cheat sheets useful for pentesting