trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

created at April 11, 2019, 1:01 a.m.

Go

169 +0

21,584 +70

2,128 +10

GitHub

gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

created at Jan. 27, 2018, 6:19 p.m.

Go

152 -1

15,373 +37

1,325 +4

GitHub

sops by getsops

Simple and flexible tool for managing secrets

created at Aug. 13, 2015, 10:11 p.m.

Go

117 +1

15,258 +49

818 +3

GitHub

trufflehog by trufflesecurity

Find and verify secrets

created at Dec. 31, 2016, 5:08 a.m.

Go

166 +0

14,030 +37

1,528 +8

GitHub

zaproxy by zaproxy

The ZAP core project

created at June 3, 2015, 4:55 p.m.

Java

395 +0

12,072 +30

2,196 +3

GitHub

git-secrets by awslabs

Prevents you from committing secrets and credentials into git repositories

created at July 15, 2015, 8:41 p.m.

Shell

195 +0

12,063 +14

1,155 +1

GitHub

clair by quay

Vulnerability Static Analysis for Containers

created at Nov. 13, 2015, 6:46 p.m.

Go

228 +0

10,070 +14

1,150 +1

GitHub

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

Haskell

65 +0

9,809 +32

394 +0

GitHub

juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

created at Sept. 19, 2014, 2:53 p.m.

TypeScript

156 +0

9,631 +42

9,477 +78

GitHub

docker-bench-security by docker

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

created at May 11, 2015, 12:57 a.m.

Shell

237 +0

8,939 +13

995 +1

GitHub

gosec by GoASTScanner

Go security checker

created at July 18, 2016, 6:01 p.m.

Go

89 +0

7,499 +9

588 +2

GitHub

brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

created at Aug. 27, 2010, midnight

Ruby

165 -1

6,914 -1

713 +1

GitHub

blackbox by StackExchange

Safely store secrets in Git/Mercurial/Subversion

created at April 6, 2014, 5:53 p.m.

Go

121 +0

6,630 +3

370 +0

GitHub

checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

created at Nov. 27, 2019, 8:55 a.m.

Python

58 +0

6,586 +19

1,053 +4

GitHub

tfsec by aquasecurity

Security scanner for your Terraform code

created at March 4, 2019, 4:56 p.m.

Go

71 +0

6,583 +7

530 +1

GitHub

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

Python

67 +0

6,042 +17

581 -1

GitHub

gopass by gopasspw

The slightly more awesome standard unix password manager for teams

created at Feb. 2, 2017, 12:33 p.m.

Go

79 +1

5,675 +8

475 +0

GitHub

phan by phan

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

created at Oct. 22, 2015, 2:34 p.m.

PHP

107 +0

5,502 +0

360 +0

GitHub

ThreatMapper by deepfence

Open Source Cloud Native Application Protection Platform (CNAPP)

created at Feb. 6, 2020, 10:30 a.m.

TypeScript

58 +0

4,657 +10

571 +2

GitHub

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

Go

67 +0

4,534 +7

494 +2

GitHub