appsec-education by duo-labs

Presentations, training modules, and other education materials from Duo Security's Application Security team.

created at Oct. 22, 2019, 4:40 p.m.

JavaScript

9 +0

67 +0

14 +0

GitHub
raindance by devsecops

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

created at March 30, 2016, 7:01 a.m.

GCC Machine Description

14 +0

43 +0

22 +0

GitHub
kubectl-kubesec by controlplaneio

Security risk analysis for Kubernetes resources

created at May 8, 2018, 8:52 a.m.

Go

25 +0

500 +0

37 +0

GitHub
harden-runner by step-security

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

created at Oct. 28, 2021, 4:58 p.m.

TypeScript

7 +0

514 +11

41 +1

GitHub
preflight by SpectralOps

preflight helps you verify scripts and executables before running them, to mitigate software supply chain attacks such as the recent Codecov hack.
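The check preflight automates, as an added example that is not preflight's own code: pin the SHA-256 digest of a script you intend to pipe into a shell, and refuse to execute any copy whose digest differs. The installer script, the tampered copy and the pinned digest below are constructed for the demo; the Codecov incident involved exactly this kind of modified upstream uploader script.

```shell
#!/bin/sh
# Added example, not part of preflight: execute a downloaded script only if its
# SHA-256 matches a digest pinned ahead of time. Sample files are constructed.
set -eu

# SHA-256 of a file, portable across sha256sum (coreutils) and shasum (macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE EXPECTED_DIGEST [ARGS...]
# Runs FILE with sh only when its digest equals EXPECTED_DIGEST; otherwise
# returns 1 without executing anything. Assumed helper name, not a real CLI.
verify_then_run() {
    vr_file=$1
    vr_expected=$2
    shift 2
    vr_actual=$(sha256_of "$vr_file")
    if [ "$vr_actual" != "$vr_expected" ]; then
        printf 'refusing to run %s: digest %s does not match pinned %s\n' \
            "$vr_file" "$vr_actual" "$vr_expected" >&2
        return 1
    fi
    sh "$vr_file" "$@"
}

# Constructed sample input: a benign installer and a tampered copy with one
# appended line, modeled on an attacker editing a hosted uploader script.
# The appended line is inert here; the point is that it never gets executed.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
GOOD="$tmpdir/install.sh"
TAMPERED="$tmpdir/install_tampered.sh"
printf '%s\n' '#!/bin/sh' 'echo "installing"' > "$GOOD"
cp "$GOOD" "$TAMPERED"
printf '%s\n' 'echo "would exfiltrate $(env | wc -c) bytes of environment"' >> "$TAMPERED"

# In practice the pinned digest comes from a trusted, out-of-band source
# (a signed release note, a value checked into your repo), never from the
# same server that serves the script.
PINNED=$(sha256_of "$GOOD")

verify_then_run "$GOOD" "$PINNED"          # runs: prints "installing"
verify_then_run "$TAMPERED" "$PINNED" || true   # refused, nothing executed
```

The digest must be pinned from somewhere the attacker who controls the download host cannot also edit; a `curl | bash` line that fetches both script and checksum from the same origin verifies nothing.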

created at April 29, 2021, 10:37 a.m.

Go

6 +0

149 +0

45 +0

GitHub
netz by SpectralOps

Discover internet-wide misconfigurations while drinking coffee

created at March 3, 2021, 6:47 p.m.

Go

14 +0

374 +1

46 +0

GitHub
progpilot by designsecurity

A static analysis tool for security

created at June 20, 2017, 6:04 p.m.

PHP

15 +0

312 +0

63 +0

GitHub
flawfinder by david-a-wheeler

a static analysis tool for finding vulnerabilities in C/C++ source code

created at Nov. 12, 2018, 5:23 p.m.

Python

16 +1

450 +2

81 +2

GitHub
phpcs-security-audit by FloeDesignTechnologies

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

created at Oct. 22, 2013, 8:26 p.m.

PHP

44 +0

701 +0

86 +0

GitHub
puma-scan by pumasecurity

Puma Scan is a software security Visual Studio extension that provides real-time, continuous source code analysis as development teams write code. Vulnerabilities are displayed immediately in the development environment, in the same way as spell-check and compiler warnings, preventing security bugs from entering your applications.

created at Oct. 19, 2016, 11:02 p.m.

C#

37 +0

437 +1

88 +0

GitHub
dawnscanner by thesp0nge

Dawn is a static analysis security scanner for web applications written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.

created at April 4, 2013, 1:06 p.m.

Ruby

33 +0

731 +2

88 +0

GitHub
scanner-cli by hawkeyesec

A project security/vulnerability/risk scanning tool

created at March 18, 2017, 3:24 p.m.

JavaScript

19 +0

359 +0

89 +0

GitHub
automatic-api-attack-tool by imperva

Imperva's customizable API attack tool takes an API specification as input, then generates and runs attacks based on it.

created at Nov. 6, 2019, 7:53 a.m.

Java

15 +0

438 +2

91 +0

GitHub
repo-supervisor by auth0

Scan your code for security misconfiguration and search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

JavaScript

33 +0

633 -1

101 +0

GitHub
regula by fugue

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego

created at Dec. 17, 2019, 2:27 p.m.

Open Policy Agent

30 +0

934 +3

105 -1

GitHub
DevSkim by Microsoft

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

created at Aug. 3, 2016, 3:30 p.m.

C#

36 +0

883 +0

115 +0

GitHub
keyscope by SpectralOps

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

created at Oct. 1, 2021, 12:01 p.m.

Rust

17 +0

376 +0

119 +0

GitHub
knox by pinterest

Knox is a secret management service

created at March 11, 2016, 7:19 p.m.

Go

43 +0

1,220 +2

120 +0

GitHub
fulcio by sigstore

Sigstore OIDC PKI

created at Feb. 23, 2021, 3:19 p.m.

Go

17 +0

604 +4

126 +0

GitHub
samm by OWASP

SAMM stands for Software Assurance Maturity Model.

created at Aug. 16, 2013, 9:35 a.m.

JavaScript

65 +0

395 +0

134 +0

GitHub