Trending repositories for topic devsecops
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Best practices and integrations available for Spring Boot based Microservice in a single repository.
OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Easily improve the security of your web applications with aws firewall factory. Protect your valuable assets with seamless WAF deployment, updates, and staging, all efficiently managed centrally with ...
Best practices and integrations available for Spring Boot based Microservice in a single repository.
OWASP BLT is a bug logging tool to report issues and get points, companies are held accountable.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed in-house by security industry practitioners
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Welcome to the official repository for our class! 📚👩‍💻 Here, you'll find an organized collection of class notes, assignments, and code snippets generated during our sessions.
[WIP] This repository contains the solutions for the Google Cloud Skill Boost challenge labs
Welcome to CloudCaptain, your one-stop-shop for all things cloud-related!
Admission Controller as a proxy for Nomad. Define OPA rules for validation and mutation or plugin remotes
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/...
A CI/CD Approach & Framework for infrastructure that can be used in governance heavy organizations and is intended to give the developers as much autonomy as possible to do their work following DevOps...
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec...
A set of lessons aimed at anyone learning LLM and generative AI concepts, with sections on operations and security, as well as development.
A centralized repository of standalone security patches for open source libraries.
This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
This repository was developed using .NET 7.0 API technology based on findings listed in the OWASP 2019 API Security Top 10.
Steampipe SQLite is a zero-ETL engine for SQLite. Virtual tables translate queries into live API calls for cloud services and APIs. Hundreds of plugins with thousands of documented examples.
Welcome to the official repository for our class! 📚👩‍💻 Here, you'll find an organized collection of class notes, assignments, and code snippets generated during our sessions.
Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Open Source Cloud Native Application Protection Platform (CNAPP)
A powerful and open-source toolkit for hackers and security automation - a collection of open-source scanners developed in-house by security industry practitioners
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
Welcome to CloudCaptain, your one-stop-shop for all things cloud-related!
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/...
Curating Falco rules with MITRE ATT&CK Matrix
Service that scans your Infrastructure as Code for common vulnerabilities
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot) or sqlite. Simply put, it's an nmap converter.
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
SBOM Assembler - A tool to compose your various sboms into a single sbom.