Trending repositories for topic devsecops
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Website, courses, documentation, blog and youtube video tracker.
A multi-vault secret injection tool for safely injecting secrets into app environment
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
A list of online news & info sources in the InfoSec/Cybersecurity space
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
🧵 CLI tool for directly patching container images!
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
This is a step-by-step guide to implementing a DevSecOps program for any size organization
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
A list of online news & info sources in the InfoSec/Cybersecurity space
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Enterprise-ready zero-trust access platform built on WireGuard®.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Website, courses, documentation, blog and youtube video tracker.
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
A list of online news & info sources in the InfoSec/Cybersecurity space
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
A multi-vault secret injection tool for safely injecting secrets into app environment
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
GitHub action to scan container images with Palo Alto Networks' Prisma Cloud
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guideline...
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
DevSecOps Project using git, GitHub, jenkins, Maven,Junit, SonarQube, Docker, Trivy, Hashicorp Vault, AWS, Kubernetes
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Enterprise-ready zero-trust access platform built on WireGuard®.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
Website, courses, documentation, blog and youtube video tracker.
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
A list of online news & info sources in the InfoSec/Cybersecurity space
Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens. Its purpose is to help developers and ...
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Realtime secret and configuration management tool, with the best in class security and seamless integration support
A multi-vault secret injection tool for safely injecting secrets into app environment
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
GitHub action to scan container images with Palo Alto Networks' Prisma Cloud
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Comprehensive set of Terraform coding standards designed for enterprise-level projects
A multi-vault secret injection tool for safely injecting secrets into app environment
sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
Welcome to the official repository for our class! 📚👩💻 Here, you'll find a organized collection of class notes, assignments, and code snippets generated during our sessions.
sdlc_python 是一个基于python语言构建的devsecops平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识(对应sdlc中对开发人员的安全培训),并且使用了大模型进行代码安全审计(对应sdlc中代码审计阶段),帮助企业进行安全左移。除了用于 DevSecOps 实践外,sdlc_python 还可以用于学习漏洞知...
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams
Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens. Its purpose is to help developers and ...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
🛡️ Open-source and next-generation Web Application Firewall (WAF)
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
Enterprise-ready zero-trust access platform built on WireGuard®.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
Website, courses, documentation, blog and youtube video tracker.
sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
Realtime secret and configuration management tool, with the best in class security and seamless integration support
SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integrat...
A FREE pragmatic DevOps roadmap to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
🛡️ Open-source and next-generation Web Application Firewall (WAF)
A set of lessons aimed at anyone learning LLM and generative AI concepts, with sections on operations and security, as well as development.