selefra by selefra

The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

created at March 21, 2023, 4:28 p.m.

6 +0

510 +0

36 +0

harden-runner by step-security

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

created at Oct. 28, 2021, 4:58 p.m.

6 -1

533 +2

41 +0

preflight by SpectralOps

preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.

created at April 29, 2021, 10:37 a.m.

6 +0

150 +0

45 +0

overlay by os-scar

Overlay is a browser extension helping developers evaluate open source packages before picking them

created at Jan. 29, 2023, 12:33 p.m.

7 +0

209 +0

17 +0

appsec-education by duo-labs

Presentations, training modules, and other education materials from Duo Security's Application Security team.

created at Oct. 22, 2019, 4:40 p.m.

9 +0

67 +0

14 +0

cfngoat by bridgecrewio

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at April 25, 2020, 12:47 a.m.

10 +0

91 +1

616 +1

progpilot by designsecurity

A static analysis tool for security

created at June 20, 2017, 6:04 p.m.

14 +0

316 +2

63 +0

raindance by devsecops

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

created at March 30, 2016, 7:01 a.m.

14 +0

43 +0

22 +0

netz by SpectralOps

Discover internet-wide misconfigurations while drinking coffee

created at March 3, 2021, 6:47 p.m.

14 +0

376 +1

46 +0

automatic-api-attack-tool by imperva

Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.

created at Nov. 6, 2019, 7:53 a.m.

15 +0

438 +0

91 +0

flawfinder by david-a-wheeler

a static analysis tool for finding vulnerabilities in C/C++ source code

created at Nov. 12, 2018, 5:23 p.m.

16 +0

456 +2

81 +0

keyscope by SpectralOps

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

created at Oct. 1, 2021, 12:01 p.m.

17 +0

377 +0

119 +0

fulcio by sigstore

Sigstore OIDC PKI

created at Feb. 23, 2021, 3:19 p.m.

17 +0

610 +2

127 +1

wrongsecrets by OWASP

Vulnerable app with examples showing how to not use secrets

created at Aug. 19, 2020, 5:59 a.m.

17 +0

1,160 +4

276 +2

rekor by sigstore

Software Supply Chain Transparency Log

created at June 17, 2020, 12:04 p.m.

18 +0

840 +2

156 +0

scanner-cli by hawkeyesec

A project security/vulnerability/risk scanning tool

created at March 18, 2017, 3:24 p.m.

19 +0

359 +0

89 +0

terragoat by bridgecrewio

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at March 27, 2020, 4:56 p.m.

23 +0

1,107 +3

2,345 +6

kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

created at Sept. 16, 2018, 1:19 p.m.

23 +0

2,615 +6

173 +0

kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

created at July 8, 2020, 9:46 p.m.

25 +0

1,924 +9

286 +0

kubectl-kubesec by controlplaneio

Security risk analysis for Kubernetes resources

created at May 8, 2018, 8:52 a.m.

25 +0

504 +1

37 +0