cosign by sigstore

Code signing and transparency for containers and binaries

created at Feb. 4, 2021, 12:49 p.m.

Go

52 +0

4,095 +20

496 +1

GitHub
detect-secrets by Yelp

An enterprise friendly way of detecting and preventing secrets in code.

created at Dec. 5, 2017, 12:38 a.m.

Python

48 -1

3,478 +9

431 +4

GitHub
spotbugs by spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

created at Nov. 4, 2016, 10:18 p.m.

Java

77 -1

3,348 +7

575 +2

GitHub
ansible-lint by ansible

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

created at Aug. 14, 2013, 11:08 a.m.

Python

61 +0

3,344 +8

630 +2

GitHub
conftest by open-policy-agent

Write tests against structured configuration data using the Open Policy Agent Rego query language

created at March 28, 2019, 5:12 p.m.

Go

27 +0

2,790 +2

296 +0

GitHub
badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

created at April 7, 2015, 10:37 p.m.

HTML

53 +0

2,740 +3

183 +0

GitHub
kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

created at Sept. 16, 2018, 1:19 p.m.

Go

23 +1

2,588 +1

174 +1

GitHub
teller by tellerops

Cloud native secrets management for developers - never leave your command line for secrets.

created at March 24, 2021, 10:49 a.m.

Go

26 +0

2,551 +10

164 +0

GitHub
credstash by fugue

A little utility for managing credentials in the cloud

created at April 20, 2015, 4:20 p.m.

Python

70 +0

2,054 +0

217 +0

GitHub
kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

created at July 8, 2020, 9:46 p.m.

Open Policy Agent

25 +0

1,902 +4

286 +0

GitHub
NodeGoat by OWASP

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

created at Oct. 21, 2013, 7:14 p.m.

HTML

78 +0

1,828 +2

1,567 +3

GitHub
ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

created at Oct. 14, 2014, 10:10 a.m.

Go

95 -1

1,681 +0

240 +0

GitHub
awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.

created at Dec. 29, 2019, 6:30 a.m.

Dockerfile

63 +1

1,260 +7

231 +0

GitHub
cfn_nag by stelligent

Linting tool for CloudFormation templates

created at Feb. 11, 2016, 1:15 p.m.

Ruby

34 +0

1,223 +3

207 +0

GitHub
knox by pinterest

Knox is a secret management service

created at March 11, 2016, 7:19 p.m.

Go

43 +0

1,220 +2

120 +0

GitHub
terragoat by bridgecrewio

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at March 27, 2020, 4:56 p.m.

HCL

23 +0

1,102 +1

2,333 +4

GitHub
gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

created at March 27, 2012, 7:29 p.m.

Ruby

77 +0

972 +0

190 +0

GitHub
regula by fugue

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego

created at Dec. 17, 2019, 2:27 p.m.

Open Policy Agent

30 +0

934 +3

105 -1

GitHub
security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

created at Dec. 31, 2017, 9:38 a.m.

C#

32 +0

918 +5

157 +0

GitHub
DevSkim by Microsoft

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

created at Aug. 3, 2016, 3:30 p.m.

C#

36 +0

883 +0

115 +0

GitHub