cfn_nag by stelligent

Linting tool for CloudFormation templates

created at Feb. 11, 2016, 1:15 p.m.

34 +0

1,224 +1

207 +0

knox by pinterest

Knox is a secret management service

created at March 11, 2016, 7:19 p.m.

43 +0

1,220 +0

120 +0

raindance by devsecops

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

created at March 30, 2016, 7:01 a.m.

14 +0

43 +0

22 +0

gosec by GoASTScanner

Go security checker

created at July 18, 2016, 6:01 p.m.

89 +0

7,490 +23

586 +1

DevSkim by Microsoft

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

created at Aug. 3, 2016, 3:30 p.m.

36 +0

884 +1

115 +0

puma-scan by pumasecurity

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.

created at Oct. 19, 2016, 11:02 p.m.

37 +0

438 +1

88 +0

spotbugs by spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

created at Nov. 4, 2016, 10:18 p.m.

77 +0

3,359 +11

575 +0

trufflehog by trufflesecurity

Find and verify secrets

created at Dec. 31, 2016, 5:08 a.m.

166 +0

13,993 +38

1,520 +4

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

created at Feb. 2, 2017, 12:33 p.m.

78 +0

5,667 +8

475 +1

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +0

633 +0

101 +0

scanner-cli by hawkeyesec

A project security/vulnerability/risk scanning tool

created at March 18, 2017, 3:24 p.m.

19 +0

358 -1

89 +0

progpilot by designsecurity

A static analysis tool for security

created at June 20, 2017, 6:04 p.m.

15 +0

313 +1

63 +0

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

67 +0

4,527 +9

492 +0

detect-secrets by Yelp

An enterprise friendly way of detecting and preventing secrets in code.

created at Dec. 5, 2017, 12:38 a.m.

48 +0

3,485 +7

433 +2

security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

created at Dec. 31, 2017, 9:38 a.m.

32 +0

919 +1

157 +0

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

153 +0

15,336 +28

1,321 +6

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

67 +0

6,025 +12

582 +1

kubectl-kubesec by controlplaneio

Security risk analysis for Kubernetes resources

created at May 8, 2018, 8:52 a.m.

25 +0

501 +1

37 +0

kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

created at Sept. 16, 2018, 1:19 p.m.

23 +0

2,601 +13

174 +0

flawfinder by david-a-wheeler

a static analysis tool for finding vulnerabilities in C/C++ source code

created at Nov. 12, 2018, 5:23 p.m.

16 +0

453 +3

81 +0