rekor by sigstore

Software Supply Chain Transparency Log

created at June 17, 2020, 12:04 p.m.

18 +0

834 +4

156 +0

dawnscanner by thesp0nge

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

created at April 4, 2013, 1:06 p.m.

33 +0

731 +2

88 +0

phpcs-security-audit by FloeDesignTechnologies

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

created at Oct. 22, 2013, 8:26 p.m.

44 +0

701 +0

86 +0

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +0

633 -1

101 +0

fulcio by sigstore

Sigstore OIDC PKI

created at Feb. 23, 2021, 3:19 p.m.

17 +0

604 +4

126 +0

harden-runner by step-security

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

created at Oct. 28, 2021, 4:58 p.m.

7 +0

514 +11

41 +1

kubectl-kubesec by controlplaneio

Security risk analysis for Kubernetes resources

created at May 8, 2018, 8:52 a.m.

25 +0

500 +0

37 +0

flawfinder by david-a-wheeler

a static analysis tool for finding vulnerabilities in C/C++ source code

created at Nov. 12, 2018, 5:23 p.m.

16 +1

450 +2

81 +2

automatic-api-attack-tool by imperva

Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.

created at Nov. 6, 2019, 7:53 a.m.

15 +0

438 +2

91 +0

puma-scan by pumasecurity

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.

created at Oct. 19, 2016, 11:02 p.m.

37 +0

437 +1

88 +0

chef-vault by chef

Securely manage passwords, certs, and other secrets in Chef

created at April 8, 2013, 6:05 p.m.

52 +0

407 +0

161 +0

samm by OWASP

SAMM stands for Software Assurance Maturity Model.

created at Aug. 16, 2013, 9:35 a.m.

65 +0

395 +0

134 +0

keyscope by SpectralOps

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

created at Oct. 1, 2021, 12:01 p.m.

17 +0

376 +0

119 +0

netz by SpectralOps

Discover internet-wide misconfigurations while drinking coffee

created at March 3, 2021, 6:47 p.m.

14 +0

374 +1

46 +0

scanner-cli by hawkeyesec

A project security/vulnerability/risk scanning tool

created at March 18, 2017, 3:24 p.m.

19 +0

359 +0

89 +0

progpilot by designsecurity

A static analysis tool for security

created at June 20, 2017, 6:04 p.m.

15 +0

312 +0

63 +0

preflight by SpectralOps

preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.

created at April 29, 2021, 10:37 a.m.

6 +0

149 +0

45 +0

cfngoat by bridgecrewio

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at April 25, 2020, 12:47 a.m.

10 +0

90 +0

614 +0

appsec-education by duo-labs

Presentations, training modules, and other education materials from Duo Security's Application Security team.

created at Oct. 22, 2019, 4:40 p.m.

9 +0

67 +0

14 +0

raindance by devsecops

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

created at March 30, 2016, 7:01 a.m.

14 +0

43 +0

22 +0