tfsec by aquasecurity

Security scanner for your Terraform code

created at March 4, 2019, 4:56 p.m.

71 +0

6,589 +6

530 +0

cosign by sigstore

Code signing and transparency for containers and binaries

created at Feb. 4, 2021, 12:49 p.m.

51 -1

4,148 +19

497 -1

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

68 +1

4,538 +4

495 +1

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

created at Feb. 2, 2017, 12:33 p.m.

79 +0

5,681 +6

475 +0

detect-secrets by Yelp

An enterprise friendly way of detecting and preventing secrets in code.

created at Dec. 5, 2017, 12:38 a.m.

48 +0

3,508 +16

436 +1

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

67 +2

9,905 +96

400 +6

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

created at April 6, 2014, 5:53 p.m.

121 +0

6,636 +6

370 +0

phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

created at Oct. 22, 2015, 2:34 p.m.

107 +0

5,503 +1

360 +0

conftest by open-policy-agent

Write tests against structured configuration data using the Open Policy Agent Rego query language

created at March 28, 2019, 5:12 p.m.

27 +0

2,803 +5

297 +0

kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

created at July 8, 2020, 9:46 p.m.

25 +0

1,924 +9

286 +0

wrongsecrets by OWASP

Vulnerable app with examples showing how to not use secrets

created at Aug. 19, 2020, 5:59 a.m.

17 +0

1,160 +4

276 +2

ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

created at Oct. 14, 2014, 10:10 a.m.

95 +0

1,683 +1

239 +0

awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

created at Dec. 29, 2019, 6:30 a.m.

64 +0

1,274 +1

233 +1

credstash by fugue

A little utility for managing credentials in the cloud

created at April 20, 2015, 4:20 p.m.

70 +0

2,056 +1

217 +0

cfn_nag by stelligent

Linting tool for CloudFormation templates

created at Feb. 11, 2016, 1:15 p.m.

34 +0

1,225 +0

207 +0

gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

created at March 27, 2012, 7:29 p.m.

77 +0

972 +0

190 +0

badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

created at April 7, 2015, 10:37 p.m.

53 +0

2,752 +4

185 +0

kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

created at Sept. 16, 2018, 1:19 p.m.

23 +0

2,615 +6

173 +0

teller by tellerops

Cloud native secrets management for developers - never leave your command line for secrets.

created at March 24, 2021, 10:49 a.m.

28 +2

2,563 +7

166 +1

chef-vault by chef

Securely manage passwords, certs, and other secrets in Chef

created at April 8, 2013, 6:05 p.m.

52 +0

407 +0

161 +0