dawnscanner by thesp0nge

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

created at April 4, 2013, 1:06 p.m.

33 +0

731 +0

88 +0

rekor by sigstore

Software Supply Chain Transparency Log

created at June 17, 2020, 12:04 p.m.

18 +0

838 +0

156 +0

DevSkim by Microsoft

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

created at Aug. 3, 2016, 3:30 p.m.

36 +0

886 +2

109 -6

security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

created at Dec. 31, 2017, 9:38 a.m.

32 +0

920 +1

157 +0

regula by fugue

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego

created at Dec. 17, 2019, 2:27 p.m.

30 +0

934 +0

106 +0

gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

created at March 27, 2012, 7:29 p.m.

77 +0

972 +0

190 +0

terragoat by bridgecrewio

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

created at March 27, 2020, 4:56 p.m.

23 +0

1,104 +2

2,339 +3

wrongsecrets by OWASP

Vulnerable app with examples showing how to not use secrets

created at Aug. 19, 2020, 5:59 a.m.

NEW!

17 +0

1,156 +0

274 +0

knox by pinterest

Knox is a secret management service

created at March 11, 2016, 7:19 p.m.

43 +0

1,220 +0

120 +0

cfn_nag by stelligent

Linting tool for CloudFormation templates

created at Feb. 11, 2016, 1:15 p.m.

34 +0

1,225 +1

207 +0

awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

created at Dec. 29, 2019, 6:30 a.m.

64 +1

1,273 +7

232 +0

ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

created at Oct. 14, 2014, 10:10 a.m.

95 +0

1,682 +1

239 -1

NodeGoat by OWASP

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

created at Oct. 21, 2013, 7:14 p.m.

78 +0

1,831 +2

1,580 +10

kics by Checkmarx

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

created at July 8, 2020, 9:46 p.m.

25 +0

1,915 +6

286 +0

credstash by fugue

A little utility for managing credentials in the cloud

created at April 20, 2015, 4:20 p.m.

70 +0

2,055 +1

217 +0

teller by tellerops

Cloud native secrets management for developers - never leave your command line for secrets.

created at March 24, 2021, 10:49 a.m.

26 +0

2,556 +5

165 +0

kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

created at Sept. 16, 2018, 1:19 p.m.

23 +0

2,609 +8

173 -1

badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

created at April 7, 2015, 10:37 p.m.

53 +0

2,748 +3

185 +1

conftest by open-policy-agent

Write tests against structured configuration data using the Open Policy Agent Rego query language

created at March 28, 2019, 5:12 p.m.

27 +0

2,798 +6

297 +0

ansible-lint by ansible

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

created at Aug. 14, 2013, 11:08 a.m.

61 +0

3,355 +8

632 +1