Trending repositories for topic devsecops
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Website, courses documentation, blog and youtube video tracker.
Comprehensive set of Terraform coding standards designed for enterprise-level projects
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
A list of online news & info sources in the InfoSec/Cybersecurity space
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Website, courses documentation, blog and youtube video tracker.
Comprehensive set of Terraform coding standards designed for enterprise-level projects
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
Attack surface detector that identifies endpoints by static analysis
A list of online news & info sources in the InfoSec/Cybersecurity space
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
🛡️ Open-source and next-generation Web Application Firewall (WAF)
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
🧵 CLI tool for directly patching container images!
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & ...
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Enterprise-ready zero-trust access platform built on WireGuard®.
Comprehensive set of Terraform coding standards designed for enterprise-level projects
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Comprehensive set of Terraform coding standards designed for enterprise-level projects
Website, courses documentation, blog and youtube video tracker.
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
A list of online news & info sources in the InfoSec/Cybersecurity space
SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
A compilation of resources in the software supply chain security domain, with emphasis on open source
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec...
Comprehensive set of Terraform coding standards designed for enterprise-level projects
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Comprehensive set of Terraform coding standards designed for enterprise-level projects
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Enterprise-ready zero-trust access platform built on WireGuard®.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
DevSecOps, ASPM, Vulnerability Management. All on one platform.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Website, courses documentation, blog and youtube video tracker.
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
🛡️ Open-source and next-generation Web Application Firewall (WAF)
SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.
A list of online news & info sources in the InfoSec/Cybersecurity space
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
WGNetwork. Managing a WireGuard®-based Private Secured Network and NFTables Firewall
RyzeSCA 是M-SEC社区一款强化 DevSecOps 的软件成分分析工具,能在软件开发过程中分析和管理开源组件的安全风险。
SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/...
Open-source, end-to-end encrypted CLI-first management of your environment secrets.
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec...
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
Comprehensive set of Terraform coding standards designed for enterprise-level projects
Welcome to the official repository for our class! 📚👩💻 Here, you'll find a organized collection of class notes, assignments, and code snippets generated during our sessions.
Steampipe SQLite is a zero-ETL engine for SQLite. Virtual tables translate queries into live API calls for cloud services and APIs. Hundreds of plugins with thousands of documented examples.
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Enterprise-ready zero-trust access platform built on WireGuard®.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
A master plan for roadmap, mentorship, and bootcamp to start a DevOps Engineer career in 2024! ⭐
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
🧵 CLI tool for directly patching container images!
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
A set of lessons aimed at anyone learning LLM and generative AI concepts, with sections on operations and security, as well as development.
SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/...
Website, courses documentation, blog and youtube video tracker.
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
Curating Falco rules with MITRE ATT&CK Matrix
Service that scans your Infrastructure as Code for common vulnerabilities
This repository was developed using .NET 7.0 API technology based on findings listed in the OWASP 2019 API Security Top 10.
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
🧵 CLI tool for directly patching container images!
Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.
SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.