Trending repositories for topic devsecops
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
🛡️ Open-source and next-generation Web Application Firewall (WAF)
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Enterprise-ready zero-trust access platform built on WireGuard®.
🧵 CLI tool for directly patching container images!
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
secureCodeBox (SCB) - continuous secure delivery out of the box
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
🚀 Policy driven vetting of open source packages with malicious code analysis
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
Website, courses, documentation, blog and youtube video tracker.
🚀 Policy driven vetting of open source packages with malicious code analysis
Reusable GitHub Actions workflow examples for cloud native DevOps
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integrat...
🧵 CLI tool for directly patching container images!
secureCodeBox (SCB) - continuous secure delivery out of the box
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.
Attack surface detector that identifies endpoints by static analysis
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity.
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
🧵 CLI tool for directly patching container images!
secureCodeBox (SCB) - continuous secure delivery out of the box
Enterprise-ready zero-trust access platform built on WireGuard®.
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
A deliberately vulnerable banking application designed for practicing secure code reviews and API security testing. Features common vulnerabilities found in real-world applications, making it an ideal...
Website, courses, documentation, blog and youtube video tracker.
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
secureCodeBox (SCB) - continuous secure delivery out of the box
🚀 Policy driven vetting of open source packages with malicious code analysis
SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integrat...
🧵 CLI tool for directly patching container images!
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Reusable GitHub Actions workflow examples for cloud native DevOps
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Attack surface detector that identifies endpoints by static analysis
This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
🧵 CLI tool for directly patching container images!
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
A FREE pragmatic DevOps learning to kickstart your DevOps career and knowledge in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
secureCodeBox (SCB) - continuous secure delivery out of the box
Enterprise-ready zero-trust access platform built on WireGuard®.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Focused malicious code detection ruleset, with a high protection-to-noise ratio
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
🚀 Policy driven vetting of open source packages with malicious code analysis
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
A centralized hub for platform engineering teams, providing resources, best practices, and automation tools. Includes IaC templates, blueprints, and operational guides to help build scalable, secure, ...
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
Website, courses, documentation, blog and youtube video tracker.
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
🧵 CLI tool for directly patching container images!
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
A deliberately vulnerable banking application designed for practicing secure code reviews and API security testing. Features common vulnerabilities found in real-world applications, making it an ideal...
Stop leaks. Safeguard your secrets with GitGuardian. GitGuardian actively prevents accidental exposure of sensitive information in your code, allowing you to code confidently and maintain the integrit...
secureCodeBox (SCB) - continuous secure delivery out of the box
sdlc_python 是一个基于python语言构建的devsecops平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识(对应sdlc中对开发人员的安全培训),并且使用了大模型进行代码安全审计(对应sdlc中代码审计阶段),帮助企业进行安全左移。除了用于 DevSecOps 实践外,sdlc_python 还可以用于学习漏洞知...
SBOM Assembler - A tool to edit SBOM or assemble multiple sboms into a single sbom.
SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It supports a variety of open source vulnerability scanners and integrat...
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits...
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Comprehensive set of Terraform coding standards designed for enterprise-level projects
A multi-vault secret injection tool for safely injecting secrets into app environment
Focused malicious code detection ruleset, with a high protection-to-noise ratio
A deliberately vulnerable banking application designed for practicing secure code reviews and API security testing. Features common vulnerabilities found in real-world applications, making it an ideal...
sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。
sdlc_python 是一个基于python语言构建的devsecops平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识(对应sdlc中对开发人员的安全培训),并且使用了大模型进行代码安全审计(对应sdlc中代码审计阶段),帮助企业进行安全左移。除了用于 DevSecOps 实践外,sdlc_python 还可以用于学习漏洞知...
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams
A centralized hub for platform engineering teams, providing resources, best practices, and automation tools. Includes IaC templates, blueprints, and operational guides to help build scalable, secure, ...
Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens. Its purpose is to help developers and ...
Building FlashFathom AI SAAS project that generate Flascards - Deployment Using DevSecOps Best Practices
Stop leaks. Safeguard your secrets with GitGuardian. GitGuardian actively prevents accidental exposure of sensitive information in your code, allowing you to code confidently and maintain the integrit...
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
A FREE pragmatic DevOps learning to kickstart your DevOps career and knowledge in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Enterprise-ready zero-trust access platform built on WireGuard®.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits...
DevSecOps, ASPM, Vulnerability Management. All on one platform.
JavaSecLab is a comprehensive Java vulnerability platform| JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Website, courses, documentation, blog and youtube video tracker.
SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane. It protects your secrets and helps your ops, SREs, and sysadmins manage sensitive data securely with minimal overhe...
A deliberately vulnerable banking application designed for practicing secure code reviews and API security testing. Features common vulnerabilities found in real-world applications, making it an ideal...
sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
Toolchain for the evaluation of different devsecops practices
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
Realtime secret and configuration management tool, with the best in class security and seamless integration support
A FREE pragmatic DevOps learning to kickstart your DevOps career and knowledge in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
Welcome to the official repository for our class! 📚👩💻 Here, you'll find a organized collection of class notes, assignments, and code snippets generated during our sessions.
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
🛡️ Open-source and next-generation Web Application Firewall (WAF)