Trending repositories for topic devsecops
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
The GitHub/GitLab for database DevSecOps. World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
A multi-vault secret injection tool for safely injecting secrets into app environment
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
🧵 CLI tool for directly patching container images!
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
A multi-vault secret injection tool for safely injecting secrets into app environment
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
🧵 CLI tool for directly patching container images!
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
A list of online news & info sources in the InfoSec/Cybersecurity space
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
The GitHub/GitLab for database DevSecOps. World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
The GitHub/GitLab for database DevSecOps. World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
A multi-vault secret injection tool for safely injecting secrets into app environment
🧵 CLI tool for directly patching container images!
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Enterprise-ready zero-trust access platform built on WireGuard®.
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
A multi-vault secret injection tool for safely injecting secrets into app environment
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
🧵 CLI tool for directly patching container images!
Website, courses, documentation, blog and youtube video tracker.
Welcome to the official repository for our class! 📚👩💻 Here, you'll find a organized collection of class notes, assignments, and code snippets generated during our sessions.
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/...
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
Scans Software Bill of Materials (SBOMs) for security vulnerabilities
A list of online news & info sources in the InfoSec/Cybersecurity space
Security interview questions with possible explanation for roles in AppSec, Pentesting, Cloud Security, DevSecOps, Network Security and so on
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens. Its purpose is to help developers and ...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
The GitHub/GitLab for database DevSecOps. World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
A multi-vault secret injection tool for safely injecting secrets into app environment
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
Enterprise-ready zero-trust access platform built on WireGuard®.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
🧵 CLI tool for directly patching container images!
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
A multi-vault secret injection tool for safely injecting secrets into app environment
Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
Website, courses, documentation, blog and youtube video tracker.
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Welcome to the official repository for our class! 📚👩💻 Here, you'll find a organized collection of class notes, assignments, and code snippets generated during our sessions.
Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure
🧵 CLI tool for directly patching container images!
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
JavaSecLab是一款综合型Java漏洞平台,提供相关漏洞缺陷代码、修复代码、漏洞场景、审计SINK点、安全编码规范,覆盖多种漏洞场景,友好用户交互UI……
Comprehensive set of Terraform coding standards designed for enterprise-level projects
sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。
A multi-vault secret injection tool for safely injecting secrets into app environment
sdlc_python 是一个基于python语言构建的devsecops平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识(对应sdlc中对开发人员的安全培训),并且使用了大模型进行代码安全审计(对应sdlc中代码审计阶段),帮助企业进行安全左移。除了用于 DevSecOps 实践外,sdlc_python 还可以用于学习漏洞知...
Welcome to the official repository for our class! 📚👩💻 Here, you'll find a organized collection of class notes, assignments, and code snippets generated during our sessions.
The content in this repo is based on the self-paced course called Certified in Cybersecurity from (ISC)2, which is a preparation for (ISC)2 Certified in Cybersecurity. And Also Dump Question which wil...
Blackdagger is a DAG-based automation tool specifically used in DevOps, DevSecOps, MLOps, MLSecOps, and Continuous Red Teaming (CART).
Cyber-Security Bible! Theory and Tools, Kali Linux, Penetration Testing, Bug Bounty, CTFs, Malware Analysis, Cryptography, Secure Programming, Web App Security, Cloud Security, Devsecops, Ethical Hack...
Repository containing source code of MixewayFlow service that is Swiss army knife for DevSecOps Teams
Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens. Its purpose is to help developers and ...
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
The GitHub/GitLab for database DevSecOps. World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and ...
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. ...
A FREE pragmatic plan to kickstart your DevOps Engineer career in the Cloud Native era following the Agile MVP style! ⭐ (2025)
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Enterprise-ready zero-trust access platform built on WireGuard®.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.
sdlc 是一个基于 Go 语言构建的安全漏洞示范平台,旨在促进 DevSecOps 和安全开发生命周期 (SDLC) 实践。它通过模拟常见漏洞来增强开发人员的安全意识,除了可以用于devsecops以外,还可以用于安全行业从事者学习漏洞知识或者渗透知识,代码审计,提供了一个实践和学习的环境。本项目采用了前后端分离的设计模式,其中后端利用了轻量级框架 Gin,而前端则使用了 Vue 3。
A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.
This repository contains a list of roadmaps I created with my suggestions on LinkedIn and Twitter.🤞🏻😌
Website, courses, documentation, blog and youtube video tracker.
Ultimate Tasks Automation Framework for Hackers, DevSecOps, Pentesters, and Bug-bounty hunters!
Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collec...
SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of open source vulnerability scanners and integrates easily into CI/...
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
Service that scans your Infrastructure as Code for common vulnerabilities
A curated list of MLSecOps tools, articles and other resources on security applied to Machine Learning and MLOps systems.
Mobile Reconnaissance Framework is a powerful, lightweight and platform-independent offensive mobile security tool designed to help hackers and developers identify and address sensitive information wi...
A set of lessons aimed at anyone learning LLM and generative AI concepts, with sections on operations and security, as well as development.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...