ThreatMapper by deepfence

Open Source Cloud Native Application Protection Platform (CNAPP)

updated at May 26, 2024, 2:54 a.m.

58 +0

4,663 +6

571 +0

trufflehog by trufflesecurity

Find and verify secrets

updated at May 26, 2024, 2:42 a.m.

167 +1

14,096 +66

1,532 +4

trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

updated at May 26, 2024, 2:38 a.m.

169 +0

21,656 +72

2,135 +7

sops by getsops

Simple and flexible tool for managing secrets

updated at May 26, 2024, 1:02 a.m.

117 +0

15,302 +44

821 +3

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

updated at May 25, 2024, 11:38 p.m.

156 +0

9,651 +20

9,526 +49

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

updated at May 25, 2024, 9:42 p.m.

121 +0

6,636 +6

370 +0

cosign by sigstore

Code signing and transparency for containers and binaries

updated at May 25, 2024, 9:19 p.m.

51 -1

4,148 +19

497 -1

zaproxy by zaproxy

The ZAP core project

updated at May 25, 2024, 8:58 p.m.

395 +0

12,100 +28

2,198 +2

phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

updated at May 25, 2024, 8:27 p.m.

107 +0

5,503 +1

360 +0

brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

updated at May 25, 2024, 7:34 p.m.

165 +0

6,920 +6

715 +2

progpilot by designsecurity

A static analysis tool for security

updated at May 25, 2024, 7:26 p.m.

14 +0

316 +2

63 +0

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

updated at May 25, 2024, 6:58 p.m.

68 +1

4,538 +4

495 +1

rekor by sigstore

Software Supply Chain Transparency Log

updated at May 25, 2024, 6:05 p.m.

18 +0

840 +2

156 +0

harden-runner by step-security

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

updated at May 25, 2024, 4:34 p.m.

6 -1

533 +2

41 +0

badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

updated at May 25, 2024, 4:30 p.m.

53 +0

2,752 +4

185 +0

kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

updated at May 25, 2024, 4:27 p.m.

25 +0

1,924 +9

286 +0

clair by quay

Vulnerability Static Analysis for Containers

updated at May 25, 2024, 3:37 p.m.

228 +0

10,084 +14

1,151 +1

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

updated at May 25, 2024, 3:01 p.m.

67 +2

9,905 +96

400 +6

detect-secrets by Yelp

An enterprise friendly way of detecting and preventing secrets in code.

updated at May 25, 2024, 12:47 p.m.

48 +0

3,508 +16

436 +1

spotbugs by spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

updated at May 25, 2024, 12:06 p.m.

77 +0

3,371 +7

576 +0