Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
created at Oct. 28, 2021, 4:58 p.m.
Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust
created at Oct. 1, 2021, 12:01 p.m.
preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.
created at April 29, 2021, 10:37 a.m.
Discover internet-wide misconfigurations while drinking coffee
created at March 3, 2021, 6:47 p.m.
Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
created at April 25, 2020, 12:47 a.m.
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
created at March 27, 2020, 4:56 p.m.
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
created at Feb. 6, 2020, 10:30 a.m.
A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
created at Dec. 29, 2019, 6:30 a.m.
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
created at Nov. 27, 2019, 8:55 a.m.
Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
created at Nov. 6, 2019, 7:53 a.m.
Presentations, training modules, and other education materials from Duo Security's Application Security team.
created at Oct. 22, 2019, 4:40 p.m.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
created at April 11, 2019, 1:01 a.m.
Write tests against structured configuration data using the Open Policy Agent Rego query language
created at March 28, 2019, 5:12 p.m.