trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

created at April 11, 2019, 1:01 a.m.

Go

169 +0

21,514 +77

2,118 +7

GitHub

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

Go

153 +0

15,336 +28

1,321 +6

GitHub

sops by getsops

Simple and flexible tool for managing secrets

created at Aug. 13, 2015, 10:11 p.m.

Go

116 -1

15,209 +36

815 +1

GitHub

trufflehog by trufflesecurity

Find and verify secrets

created at Dec. 31, 2016, 5:08 a.m.

Go

166 +0

13,993 +38

1,520 +4

GitHub

git-secrets by awslabs

Prevents you from committing secrets and credentials into git repositories

created at July 15, 2015, 8:41 p.m.

Shell

195 -1

12,049 +13

1,154 +0

GitHub

zaproxy by zaproxy

The ZAP core project

created at June 3, 2015, 4:55 p.m.

Java

395 -2

12,042 +25

2,193 +3

GitHub

clair by quay

Vulnerability Static Analysis for Containers

created at Nov. 13, 2015, 6:46 p.m.

Go

228 +0

10,056 +4

1,149 +0

GitHub

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

Haskell

65 +0

9,777 +41

394 +1

GitHub

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

TypeScript

156 +0

9,589 +31

9,399 +50

GitHub

docker-bench-security by docker

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

created at May 11, 2015, 12:57 a.m.

Shell

237 +0

8,926 +9

994 +0

GitHub

gosec by GoASTScanner

Go security checker

created at July 18, 2016, 6:01 p.m.

Go

89 +0

7,490 +23

586 +1

GitHub

brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

created at Aug. 27, 2010, midnight

Ruby

166 +0

6,915 +3

712 +2

GitHub

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

created at April 6, 2014, 5:53 p.m.

Go

121 -1

6,627 +3

370 +0

GitHub

tfsec by aquasecurity

Security scanner for your Terraform code

created at March 4, 2019, 4:56 p.m.

Go

71 +0

6,576 +4

529 +0

GitHub

checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

created at Nov. 27, 2019, 8:55 a.m.

Python

58 +0

6,567 +9

1,049 +5

GitHub

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

Python

67 +0

6,025 +12

582 +1

GitHub

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

created at Feb. 2, 2017, 12:33 p.m.

Go

78 +0

5,667 +8

475 +1

GitHub

phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

created at Oct. 22, 2015, 2:34 p.m.

PHP

107 +0

5,502 +1

360 +1

GitHub

ThreatMapper by deepfence

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

created at Feb. 6, 2020, 10:30 a.m.

TypeScript

58 +0

4,647 +11

569 +1

GitHub

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

Go

67 +0

4,527 +9

492 +0

GitHub