clair by quay

Vulnerability Static Analysis for Containers

created at Nov. 13, 2015, 6:46 p.m.

Go

228 +0

10,070 +14

1,150 +1

GitHub
ThreatMapper by deepfence

Open Source Cloud Native Application Protection Platform (CNAPP)

created at Feb. 6, 2020, 10:30 a.m.

TypeScript

58 +0

4,657 +10

571 +2

GitHub
kubectl-kubesec by controlplaneio

Security risk analysis for Kubernetes resources

created at May 8, 2018, 8:52 a.m.

Go

25 +0

503 +2

37 +0

GitHub
flawfinder by david-a-wheeler

a static analysis tool for finding vulnerabilities in C/C++ source code

created at Nov. 12, 2018, 5:23 p.m.

Python

16 +0

454 +1

81 +0

GitHub
badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

created at April 7, 2015, 10:37 p.m.

HTML

53 +0

2,748 +3

185 +1

GitHub
chef-vault by chef

Securely manage passwords, certs, and other secrets in Chef

created at April 8, 2013, 6:05 p.m.

Ruby

52 +0

407 +0

161 +0

GitHub
checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

created at Nov. 27, 2019, 8:55 a.m.

Python

58 +0

6,586 +19

1,053 +4

GitHub
samm by OWASP

SAMM stands for Software Assurance Maturity Model.

created at Aug. 16, 2013, 9:35 a.m.

JavaScript

65 +0

395 +0

132 -2

GitHub
ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

created at Oct. 14, 2014, 10:10 a.m.

Go

95 +0

1,682 +1

239 -1

GitHub
automatic-api-attack-tool by imperva

Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.

created at Nov. 6, 2019, 7:53 a.m.

Java

15 +0

438 +0

91 +0

GitHub
gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

created at March 27, 2012, 7:29 p.m.

Ruby

77 +0

972 +0

190 +0

GitHub
awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.

created at Dec. 29, 2019, 6:30 a.m.

Dockerfile

64 +1

1,273 +7

232 +0

GitHub
raindance by devsecops

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

created at March 30, 2016, 7:01 a.m.

GCC Machine Description

14 +0

43 +0

22 +0

GitHub
knox by pinterest

Knox is a secret management service

created at March 11, 2016, 7:19 p.m.

Go

43 +0

1,220 +0

120 +0

GitHub
phpcs-security-audit by FloeDesignTechnologies

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

created at Oct. 22, 2013, 8:26 p.m.

PHP

44 +0

703 +1

86 +0

GitHub
security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

created at Dec. 31, 2017, 9:38 a.m.

C#

32 +0

920 +1

157 +0

GitHub
conftest by open-policy-agent

Write tests against structured configuration data using the Open Policy Agent Rego query language

created at March 28, 2019, 5:12 p.m.

Go

27 +0

2,798 +6

297 +0

GitHub
trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

created at April 11, 2019, 1:01 a.m.

Go

169 +0

21,584 +70

2,128 +10

GitHub
cfngoat by bridgecrewio

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at April 25, 2020, 12:47 a.m.

Unknown languages

10 +0

90 +0

615 +0

GitHub
terragoat by bridgecrewio

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at March 27, 2020, 4:56 p.m.

HCL

23 +0

1,104 +2

2,339 +3

GitHub