rekor by sigstore

Software Supply Chain Transparency Log

updated at May 12, 2024, 6:24 p.m.

Go

18 +0

838 +4

156 +0

dawnscanner by thesp0nge

Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.

updated at May 12, 2024, 6:20 p.m.

Ruby

33 +0

731 +0

88 +0

kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

updated at May 12, 2024, 4:30 p.m.

Go

23 +0

2,601 +13

174 +0

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

updated at May 12, 2024, 4:10 p.m.

Go

67 +0

4,527 +9

492 +0

gosec by GoASTScanner

Go security checker

updated at May 12, 2024, 3:51 p.m.

Go

89 +0

7,490 +23

586 +1

cosign by sigstore

Code signing and transparency for containers and binaries

updated at May 12, 2024, 1:54 p.m.

Go

52 +0

4,115 +20

498 +2

teller by tellerops

Cloud native secrets management for developers - never leave your command line for secrets.

updated at May 12, 2024, 1:26 p.m.

Rust

26 +0

2,551 +0

165 +1

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

updated at May 12, 2024, 5:35 a.m.

Go

121 -1

6,627 +3

370 +0

harden-runner by step-security

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

updated at May 12, 2024, 5:24 a.m.

TypeScript

7 +0

524 +10

41 +0

spotbugs by spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

updated at May 12, 2024, 4 a.m.

Java

77 +0

3,359 +11

575 +0

ThreatMapper by deepfence

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

updated at May 12, 2024, 3:54 a.m.

TypeScript

58 +0

4,647 +11

569 +1

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

updated at May 12, 2024, 1:41 a.m.

Go

153 +0

15,336 +28

1,321 +6

zaproxy by zaproxy

The ZAP core project

updated at May 11, 2024, 11:47 p.m.

Java

395 -2

12,042 +25

2,193 +3

trufflehog by trufflesecurity

Find and verify secrets

updated at May 11, 2024, 11:34 p.m.

Go

166 +0

13,993 +38

1,520 +4

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

updated at May 11, 2024, 11:04 p.m.

Haskell

65 +0

9,777 +41

394 +1

sops by getsops

Simple and flexible tool for managing secrets

updated at May 11, 2024, 8:28 p.m.

Go

116 -1

15,209 +36

815 +1

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

updated at May 11, 2024, 8:15 p.m.

Go

78 +0

5,667 +8

475 +1

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

updated at May 11, 2024, 6:15 p.m.

TypeScript

156 +0

9,589 +31

9,399 +50

kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

updated at May 11, 2024, 2:48 p.m.

Open Policy Agent

25 +0

1,909 +7

286 +0

trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

updated at May 11, 2024, 11:42 a.m.

Go

169 +0

21,514 +77

2,118 +7
