trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

created at April 11, 2019, 1:01 a.m.

Go

171 +0

21,301 +88

2,099 +10

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

Go

152 +0

15,211 +41

1,308 +3

sops by getsops

Simple and flexible tool for managing secrets

created at Aug. 13, 2015, 10:11 p.m.

Go

116 +0

15,082 +45

809 +2

trufflehog by trufflesecurity

Find and verify credentials

created at Dec. 31, 2016, 5:08 a.m.

Go

167 +0

13,857 +42

1,509 +0

git-secrets by awslabs

Prevents you from committing secrets and credentials into git repositories

created at July 15, 2015, 8:41 p.m.

Shell

196 +1

12,006 +19

1,152 +1

zaproxy by zaproxy

The ZAP core project

created at June 3, 2015, 4:55 p.m.

Java

396 -1

11,970 +16

2,189 +6

clair by quay

Vulnerability Static Analysis for Containers

created at Nov. 13, 2015, 6:46 p.m.

Go

228 +0

10,030 +10

1,150 +1

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

Haskell

64 +0

9,687 +22

391 +2

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

TypeScript

154 +0

9,502 +24

9,251 +74

docker-bench-security by docker

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

created at May 11, 2015, 12:57 a.m.

Shell

237 +0

8,893 +15

993 +1

gosec by GoASTScanner

Go security checker

created at July 18, 2016, 6:01 p.m.

Go

90 +0

7,434 +8

580 +1

brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

created at Aug. 27, 2010, midnight

Ruby

167 +0

6,908 +11

709 +1

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

created at April 6, 2014, 5:53 p.m.

Go

122 +0

6,620 +2

370 -1

tfsec by aquasecurity

Security scanner for your Terraform code

created at March 4, 2019, 4:56 p.m.

Go

71 +0

6,545 +10

526 +2

checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

created at Nov. 27, 2019, 8:55 a.m.

Python

57 +0

6,509 +18

1,035 +0

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

Python

67 +0

5,970 +22

576 +0

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

created at Feb. 2, 2017, 12:33 p.m.

Go

78 +0

5,642 +9

472 +1

phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

created at Oct. 22, 2015, 2:34 p.m.

PHP

107 +0

5,496 +1

359 +0

ThreatMapper by deepfence

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

created at Feb. 6, 2020, 10:30 a.m.

TypeScript

58 +1

4,629 +6

566 +1

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

Go

66 +0

4,494 +20

492 +0
