kubernetes-goat by madhuakula

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

updated at May 25, 2024, 11:53 a.m.

56 +0

4,016 +13

671 +1

gosec by GoASTScanner

Go security checker

updated at May 25, 2024, 11:50 a.m.

89 +0

7,525 +26

589 +1

docker-bench-security by docker

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

updated at May 25, 2024, 8:44 a.m.

237 +0

8,944 +5

996 +1

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

updated at May 25, 2024, 8:39 a.m.

67 +0

6,057 +15

582 +1

fulcio by sigstore

Sigstore OIDC PKI

updated at May 25, 2024, 8:08 a.m.

17 +0

610 +2

127 +1

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

updated at May 25, 2024, 1:18 a.m.

79 +0

5,681 +6

475 +0

security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

updated at May 25, 2024, 12:23 a.m.

32 +0

923 +3

157 +0

selefra by selefra

The open-source policy-as-code software that provides analysis for Multi-Cloud and SaaS environments, you can get insight with natural language (powered by OpenAI).

updated at May 25, 2024, 12:11 a.m.

6 +0

510 +0

36 +0

cfngoat by bridgecrewio

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

updated at May 24, 2024, 11:39 p.m.

10 +0

91 +1

616 +1

terragoat by bridgecrewio

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

updated at May 24, 2024, 11:38 p.m.

23 +0

1,107 +3

2,345 +6

checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

updated at May 24, 2024, 11:01 p.m.

58 +0

6,602 +16

1,055 +2

wrongsecrets by OWASP

Vulnerable app with examples showing how to not use secrets

updated at May 24, 2024, 11 p.m.

17 +0

1,160 +4

276 +2

NodeGoat by OWASP

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

updated at May 24, 2024, 10:57 p.m.

78 +0

1,834 +3

1,582 +2

knox by pinterest

Knox is a secret management service

updated at May 24, 2024, 10:02 p.m.

43 +0

1,221 +1

103 -17

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

updated at May 24, 2024, 8:18 p.m.

153 +1

15,400 +27

1,326 +1

git-secrets by awslabs

Prevents you from committing secrets and credentials into git repositories

updated at May 24, 2024, 7:31 p.m.

195 +0

12,071 +8

1,155 +0

awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

updated at May 24, 2024, 5:53 p.m.

64 +0

1,274 +1

233 +1

tfsec by aquasecurity

Security scanner for your Terraform code

updated at May 24, 2024, 4:56 p.m.

71 +0

6,589 +6

530 +0

dawnscanner by thesp0nge

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

updated at May 24, 2024, 4:36 p.m.

33 +0

732 +1

88 +0

ansible-lint by ansible

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

updated at May 24, 2024, 10:52 a.m.

60 -1

3,359 +4

634 +2