samm by OWASP

SAMM stands for Software Assurance Maturity Model.

created at Aug. 16, 2013, 9:35 a.m.

65 +0

395 +0

132 +0

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

67 +0

6,057 +15

582 +1

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

67 +2

9,905 +96

400 +6

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

68 +1

4,538 +4

495 +1

credstash by fugue

A little utility for managing credentials in the cloud

created at April 20, 2015, 4:20 p.m.

70 +0

2,056 +1

217 +0

tfsec by aquasecurity

Security scanner for your Terraform code

created at March 4, 2019, 4:56 p.m.

71 +0

6,589 +6

530 +0

spotbugs by spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

created at Nov. 4, 2016, 10:18 p.m.

77 +0

3,371 +7

576 +0

gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

created at March 27, 2012, 7:29 p.m.

77 +0

972 +0

190 +0

NodeGoat by OWASP

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

created at Oct. 21, 2013, 7:14 p.m.

78 +0

1,834 +3

1,582 +2

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

created at Feb. 2, 2017, 12:33 p.m.

79 +0

5,681 +6

475 +0

gosec by GoASTScanner

Go security checker

created at July 18, 2016, 6:01 p.m.

89 +0

7,525 +26

589 +1

ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

created at Oct. 14, 2014, 10:10 a.m.

95 +0

1,683 +1

239 +0

phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

created at Oct. 22, 2015, 2:34 p.m.

107 +0

5,503 +1

360 +0

sops by getsops

Simple and flexible tool for managing secrets

created at Aug. 13, 2015, 10:11 p.m.

117 +0

15,302 +44

821 +3

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

created at April 6, 2014, 5:53 p.m.

121 +0

6,636 +6

370 +0

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

153 +1

15,400 +27

1,326 +1

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

156 +0

9,651 +20

9,526 +49

brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

created at Aug. 27, 2010, midnight

165 +0

6,920 +6

715 +2

trufflehog by trufflesecurity

Find and verify secrets

created at Dec. 31, 2016, 5:08 a.m.

167 +1

14,096 +66

1,532 +4

trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

created at April 11, 2019, 1:01 a.m.

169 +0

21,656 +72

2,135 +7