Topic: devsecops Goto Github

👇 Here are 826 public repositories matching this topic...

6mile / devsecops-playbook
devsecops,This is a step-by-step guide to implementing a DevSecOps program for any size organization
User: 6mile
devsecops security playbook

ahmedtariq01 / cloud-devops-learning-resources
devsecops,This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.
User: ahmedtariq01
ansible aws azure devops gcp jenkins docker kubernetes notes azure-devops terraform devops-tools linux multicloud cloudcomputing cloudsecurity cicd devsecops containers cloudnative

ajinabraham / cmsscan
devsecops,CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
User: ajinabraham
Home Page: https://opensecurity.in
wordpress drupal joomla vbulletin security automation devsecops security-dashboard

ajinabraham / nodejsscan
devsecops,nodejsscan is a static security code scanner for Node.js applications.
User: ajinabraham
Home Page: https://opensecurity.in
javascript nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node

akto-api-security / akto
devsecops,Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Organization: akto-api-security
Home Page: https://www.akto.io/
api-security api-discovery api-security-testing api-testing authentication authorization devsecops idor owasp-top-10 security

aquasecurity / tfsec
devsecops,Security scanner for your Terraform code
Organization: aquasecurity
Home Page: https://aquasecurity.github.io/tfsec
terraform security scanner static-analysis ci aws azure google-cloud-platform compliance infrastructure-as-code

aquasecurity / trivy
devsecops,Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Organization: aquasecurity
Home Page: https://aquasecurity.github.io/trivy
security security-tools docker containers vulnerability-scanners vulnerability-detection vulnerability golang go kubernetes

archerysec / archerysec
devsecops,Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
Organization: archerysec
Home Page: https://www.archerysec.com/
vulnerability-assessment vulnerabilities scanning pentesting vulnerability-management opensource pentesters secdevops devops devops-tools

astteam / codeql
devsecops,《深入理解CodeQL》Finding vulnerabilities with CodeQL.
Organization: astteam
0e0w codeql hackjava hackaspx hackgolang javasec ql learning-codeql codeql-queries semmle-ql

baidu / openrasp
devsecops,🔥Open source RASP solution
Organization: baidu
Home Page: https://rasp.baidu.com
waf devsecops security iast rasp

bearer / bearer
devsecops,Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Organization: bearer
Home Page: https://docs.bearer.com
appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast

bridgecrewio / terragoat
devsecops,TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Organization: bridgecrewio
Home Page: https://www.bridgecrew.io/
terraform aws-security cloud-security goat azure-security gcp-security devsecops

bunkerity / bunkerweb
devsecops,🛡️ Make your web services secure by default !
Organization: bunkerity
Home Page: https://www.bunkerweb.io
nginx modsecurity docker security dnsbl reverse-proxy bunkerized-nginx hardening web-security security-tuning

checkmarx / kics
devsecops,Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Organization: checkmarx
Home Page: https://kics.io
iac infrastructure-as-code security appsec cloudnative hacktoberfest devsecops golang security-tools vulnerability-detection

cider-security-research / cicd-goat
devsecops,A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
Organization: cider-security-research
appsec cicd devops infosec devsecops security jenkins ctf gitlab

containerssh / containerssh
devsecops,ContainerSSH: Launch containers on demand
Organization: containerssh
Home Page: https://containerssh.io/
docker ssh containers kubernetes security-tools devsecops security

deepfence / secretscanner
devsecops,:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
Organization: deepfence
Home Page: https://deepfence.io
scanning-tool secret-keys secrets-management infosectools vulnerability-scanners k8s containers kubernetes secrets docker

deepfence / threatmapper
devsecops,Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
Organization: deepfence
Home Page: https://deepfence.io
cloud-native vulnerability-management threat-analysis devsecops secops registry-scanning security-tools cwpp observability cloudsecurity

deepfence / yarahunter
devsecops,🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
Organization: deepfence
Home Page: https://deepfence.io/
devsecops devsecops-best-practices devsecops-pipeline ioc malware threat-hunting yara yara-scanner ci-cd hacktoberfest

defectdojo / django-defectdojo
devsecops, DevSecOps, ASPM, Vulnerability Management. All on one platform.
Organization: defectdojo
Home Page: https://defectdojo.com
python vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration

dependencytrack / dependency-track
devsecops,Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Organization: dependencytrack
Home Page: https://dependencytrack.org/
owasp appsec security bom vulnerabilities component-analysis nvd software-security software-composition-analysis sca

devsecops / awesome-devsecops
devsecops,An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Organization: devsecops
Home Page: http://devsecops.org
devops devsecops podcast threat-intelligence

firezone / firezone
devsecops,WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
Organization: firezone
Home Page: https://www.firezone.dev
cloud vpn firewall security wireguard wireguard-vpn wireguard-ui vpn-server network-security self-hosted

gitguardian / ggshield
devsecops,Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Organization: gitguardian
Home Page: https://gitguardian.com
devsecops security credentials apikey key code leak scanning precommit secrets-detection

gitleaks / gitleaks
devsecops,Protect and discover secrets using Gitleaks 🔑
Organization: gitleaks
Home Page: https://gitleaks.io
security security-tools git golang go secret gitleaks devsecops hacktoberfest

gravitl / netmaker
devsecops,Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Organization: gravitl
Home Page: https://netmaker.io
wireguard virtual-network vpn mesh zero-trust devsecops networking network k8s kubernetes

guardrailsio / awesome-php-security
devsecops,Awesome PHP Security Resources 🕶🐘🔐
Organization: guardrailsio
php security security-tools application-security devsecops awesome-list awesome

hahwul / dalfox
devsecops,🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
User: hahwul
Home Page: https://dalfox.hahwul.com
xss security bugbounty bugbounty-tool golang xss-scanner devsecops cicd-pipeline vulnerability xss-detection

hahwul / devsecops
devsecops,♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
User: hahwul
devsecops devops roadmap security awesome-list collections tools

hysnsec / awesome-threat-modelling
devsecops,A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Organization: hysnsec
Home Page: https://www.practical-devsecops.com/devsecops-university/
threat-modeling practical-devsecops security-review devsecops-university appsec devsecops awesome awesome-list

infobyte / faraday
devsecops,Open Source Vulnerability Management Platform
Organization: infobyte
Home Page: https://www.faradaysec.com
devops penetration-testing vulnerability vulnerability-scanners security security-audit pentesting continuous-scanning infosec vulnerability-management

intel / cve-bin-tool
devsecops,The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Organization: intel
Home Page: https://cve-bin-tool.readthedocs.io/en/latest/
cve security hacktoberfest vulnerabilities cvss swrepo system-tools devsecops security-automation security-tools

jonrau1 / electriceye
devsecops,ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
User: jonrau1
security-tools security-audit cloud-security security-monitoring aws-security security-hub cloud-compliance-reporting cloud-auditing security-engineering devsecops

joseadanof / awesome-cloudnative-trainings
devsecops,Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
User: joseadanof
cloud-native cncf containers continuous-learning devops devsecops istio k8s kubernetes linux-foundation

krol3 / container-security-checklist
devsecops,Checklist for container security - devsecops practices
User: krol3
Home Page: https://krol3.github.io/container-security-checklist/
containers devsecops security

lunasec-io / lunasec
devsecops,LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Organization: lunasec-io
Home Page: https://www.lunasec.io/
tokenization web-security compliance security soc2 pci-dss gdpr zero-trust devsecops log4shell

madhuakula / kubernetes-goat
devsecops,Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
User: madhuakula
Home Page: https://madhuakula.com/kubernetes-goat
kubernetes vulnerable-app security hacking pentesting infrastructure cloud-security docker container kubernetes-goat

mobsf / mobile-security-framework-mobsf
devsecops,Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Organization: mobsf
Home Page: https://opensecurity.in
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security api-testing web-security malware-analysis

octarinesec / kube-scan
devsecops,kube-scan: Octarine k8s cluster risk assessment tool
Organization: octarinesec
Home Page: https://www.octarinesec.com/
k8s security-tools security-scanner security-audit security devops devsecops kubernetes cloud-native security-scanners

owasp / wrongsecrets
devsecops,Vulnerable app with examples showing how to not use secrets
Organization: owasp
Home Page: https://owasp.org/www-project-wrongsecrets/
hashicorp-vault terraform-aws java kubernetes secrets secrets-management vault devsecops security aws

praetorian-inc / noseyparker
devsecops,Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Organization: praetorian-inc
credentials devsecops penetration-testing rust scanner security security-tools secrets secrets-detection

project-copacetic / copacetic
devsecops,🧵 CLI tool for directly patching container images using reports from vulnerability scanners
Organization: project-copacetic
Home Page: https://project-copacetic.github.io/copacetic/
compliance devsecops docker security trivy vulnerability containers container-image container-security patching

prowler-cloud / prowler
devsecops,Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Organization: prowler-cloud
Home Page: https://prowler.com
security security-tools security-audit security-hardening hardening aws cis-benchmark compliance gdpr forensics

sottlmarek / devsecops
devsecops,Ultimate DevSecOps library
User: sottlmarek
security devops devsecops cloud tool aws k8s docker awesome-list azure

taptuit / awesome-devsecops
devsecops,Curating the best DevSecOps resources and tooling.
Organization: taptuit
application-security awesome awesome-list devops devsecops hacktoberfest secure-software-development

tenable / terrascan
devsecops,Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Organization: tenable
Home Page: https://runterrascan.io
security-tools infrastructure-as-code devsecops devops security terraform aws cloudsecurity cloud-security terrascan

trufflesecurity / trufflehog
devsecops,Find and verify secrets
Organization: trufflesecurity
Home Page: https://trufflesecurity.com
secret trufflehog credentials security devsecops dynamic-analysis security-tools secrets verification hacktoberfest secret-management precommit scanning

turbot / steampipe
devsecops,Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Organization: turbot
Home Page: https://steampipe.io
steampipe sql postgresql postgresql-fdw cloud security aws azure cis cnapp

we5ter / scanners-box
devsecops,A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
User: we5ter
pentesting-tools hacker-tools vulnerability-scanners information-security redteam-tools penetration-testing devsecops security-automation smart-contracts privacy-compliance

xmirrorsecurity / opensca-cli
devsecops,OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Organization: xmirrorsecurity
Home Page: https://opensca.xmirror.cn
sca devsecops security sbom software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security static-analysis vulnerabilities