juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

156 +0

9,558 +26

9,349 +46

terragoat by bridgecrewio

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at March 27, 2020, 4:56 p.m.

23 +0

1,102 +1

2,333 +4

zaproxy by zaproxy

The ZAP core project

created at June 3, 2015, 4:55 p.m.

397 +0

12,017 +20

2,190 -1

trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

created at April 11, 2019, 1:01 a.m.

169 +0

21,437 +61

2,111 +5

NodeGoat by OWASP

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

created at Oct. 21, 2013, 7:14 p.m.

78 +0

1,828 +2

1,567 +3

trufflehog by trufflesecurity

Find and verify secrets

created at Dec. 31, 2016, 5:08 a.m.

166 -2

13,955 +62

1,516 +6

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

153 +0

15,308 +67

1,315 +5

git-secrets by awslabs

Prevents you from committing secrets and credentials into git repositories

created at July 15, 2015, 8:41 p.m.

196 +0

12,036 +20

1,154 +1

clair by quay

Vulnerability Static Analysis for Containers

created at Nov. 13, 2015, 6:46 p.m.

228 +0

10,052 +11

1,149 -2

checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

created at Nov. 27, 2019, 8:55 a.m.

58 +0

6,558 +24

1,044 +5

docker-bench-security by docker

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

created at May 11, 2015, 12:57 a.m.

237 +0

8,917 +13

994 +1

sops by getsops

Simple and flexible tool for managing secrets

created at Aug. 13, 2015, 10:11 p.m.

117 +0

15,173 +49

814 +2

brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

created at Aug. 27, 2010, midnight

166 +0

6,912 +2

710 +1

ansible-lint by ansible

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

created at Aug. 14, 2013, 11:08 a.m.

61 +0

3,344 +8

630 +2

cfngoat by bridgecrewio

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at April 25, 2020, 12:47 a.m.

10 +0

90 +0

614 +0

gosec by GoASTScanner

Go security checker

created at July 18, 2016, 6:01 p.m.

89 +0

7,467 +13

585 +2

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

67 +0

6,013 +14

581 +2

spotbugs by spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

created at Nov. 4, 2016, 10:18 p.m.

77 -1

3,348 +7

575 +2

ThreatMapper by deepfence

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

created at Feb. 6, 2020, 10:30 a.m.

58 +0

4,636 +6

568 +0

tfsec by aquasecurity

Security scanner for your Terraform code

created at March 4, 2019, 4:56 p.m.

71 +0

6,572 +10

529 +1