trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

created at April 11, 2019, 1:01 a.m.

170 +1

21,796 +75

2,145 +4

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

154 +1

15,536 +86

1,335 +7

sops by getsops

Simple and flexible tool for managing secrets

created at Aug. 13, 2015, 10:11 p.m.

117 +1

15,402 +38

833 +6

trufflehog by trufflesecurity

Find and verify secrets

created at Dec. 31, 2016, 5:08 a.m.

167 +0

14,195 +67

1,544 +9

zaproxy by zaproxy

The ZAP core project

created at June 3, 2015, 4:55 p.m.

395 +0

12,164 +38

2,200 +1

git-secrets by awslabs

Prevents you from committing secrets and credentials into git repositories

created at July 15, 2015, 8:41 p.m.

195 +0

12,098 +16

1,157 +0

clair by quay

Vulnerability Static Analysis for Containers

created at Nov. 13, 2015, 6:46 p.m.

227 -1

10,101 +5

1,151 -3

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

68 +0

9,970 +26

403 +1

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

157 +1

9,696 +19

9,622 +55

docker-bench-security by docker

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

created at May 11, 2015, 12:57 a.m.

238 +0

8,961 +10

998 +1

gosec by GoASTScanner

Go security checker

created at July 18, 2016, 6:01 p.m.

89 +0

7,546 +11

590 +1

brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

created at Aug. 27, 2010, midnight

165 +0

6,925 +3

717 +2

checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

created at Nov. 27, 2019, 8:55 a.m.

59 +1

6,645 +28

1,062 +4

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

created at April 6, 2014, 5:53 p.m.

121 +0

6,640 +2

370 +0

tfsec by aquasecurity

Security scanner for your Terraform code

created at March 4, 2019, 4:56 p.m.

71 +0

6,601 +5

530 -1

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

66 +0

6,080 +10

585 +1

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

created at Feb. 2, 2017, 12:33 p.m.

79 +0

5,700 +9

478 +2

phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

created at Oct. 22, 2015, 2:34 p.m.

108 +0

5,509 +3

360 +0

ThreatMapper by deepfence

Open Source Cloud Native Application Protection Platform (CNAPP)

created at Feb. 6, 2020, 10:30 a.m.

58 +0

4,670 +1

572 +0

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

68 +0

4,563 +15

493 +0