fulcio by sigstore

Sigstore OIDC PKI

created at Feb. 23, 2021, 3:19 p.m.

Go

17 +0

610 +2

127 +1

GitHub
samm by OWASP

SAMM stands for Software Assurance Maturity Model.

created at Aug. 16, 2013, 9:35 a.m.

JavaScript

65 +0

395 +0

132 +0

GitHub
rekor by sigstore

Software Supply Chain Transparency Log

created at June 17, 2020, 12:04 p.m.

Go

18 +0

840 +2

156 +0

GitHub
security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

created at Dec. 31, 2017, 9:38 a.m.

C#

32 +0

923 +3

157 +0

GitHub
chef-vault by chef

Securely manage passwords, certs, and other secrets in Chef

created at April 8, 2013, 6:05 p.m.

Ruby

52 +0

407 +0

161 +0

GitHub
teller by tellerops

Cloud native secrets management for developers - never leave your command line for secrets.

created at March 24, 2021, 10:49 a.m.

Rust

28 +2

2,563 +7

166 +1

GitHub
kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

created at Sept. 16, 2018, 1:19 p.m.

Go

23 +0

2,615 +6

173 +0

GitHub
badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

created at April 7, 2015, 10:37 p.m.

HTML

53 +0

2,752 +4

185 +0

GitHub
gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

created at March 27, 2012, 7:29 p.m.

Ruby

77 +0

972 +0

190 +0

GitHub
cfn_nag by stelligent

Linting tool for CloudFormation templates

created at Feb. 11, 2016, 1:15 p.m.

Ruby

34 +0

1,225 +0

207 +0

GitHub
credstash by fugue

A little utility for managing credentials in the cloud

created at April 20, 2015, 4:20 p.m.

Python

70 +0

2,056 +1

217 +0

GitHub
awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.

created at Dec. 29, 2019, 6:30 a.m.

Dockerfile

64 +0

1,274 +1

233 +1

GitHub
ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

created at Oct. 14, 2014, 10:10 a.m.

Go

95 +0

1,683 +1

239 +0

GitHub
wrongsecrets by OWASP

Vulnerable app with examples showing how to not use secrets

created at Aug. 19, 2020, 5:59 a.m.

Java

17 +0

1,160 +4

276 +2

GitHub
kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

created at July 8, 2020, 9:46 p.m.

Open Policy Agent

25 +0

1,924 +9

286 +0

GitHub
conftest by open-policy-agent

Write tests against structured configuration data using the Open Policy Agent Rego query language

created at March 28, 2019, 5:12 p.m.

Go

27 +0

2,803 +5

297 +0

GitHub
phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

created at Oct. 22, 2015, 2:34 p.m.

PHP

107 +0

5,503 +1

360 +0

GitHub
blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

created at April 6, 2014, 5:53 p.m.

Go

121 +0

6,636 +6

370 +0

GitHub
hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

Haskell

67 +2

9,905 +96

400 +6

GitHub
detect-secrets by Yelp

An enterprise friendly way of detecting and preventing secrets in code.

created at Dec. 5, 2017, 12:38 a.m.

Python

48 +0

3,508 +16

436 +1

GitHub