appsec-education by duo-labs

Presentations, training modules, and other education materials from Duo Security's Application Security team.

updated at Nov. 29, 2023, 5:43 p.m.

JavaScript

9 +0

67 +0

14 +0

GitHub
chef-vault by chef

Securely manage passwords, certs, and other secrets in Chef

updated at Dec. 23, 2023, 3:02 p.m.

Ruby

52 +0

407 +0

161 +0

GitHub
samm by OWASP

SAMM stands for Software Assurance Maturity Model.

updated at Jan. 9, 2024, 4:24 p.m.

JavaScript

65 +0

395 +0

134 +0

GitHub
raindance by devsecops

Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

updated at Feb. 27, 2024, 10:40 p.m.

GCC Machine Description

14 +0

43 +0

22 +0

GitHub
gauntlt by gauntlt

a ruggedization framework that embodies the principle "be mean to your code"

updated at April 10, 2024, 2:33 a.m.

Ruby

77 +0

972 +0

190 +0

GitHub
keyscope by SpectralOps

Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust

updated at April 13, 2024, 10:31 a.m.

Rust

17 +0

376 +0

119 +0

GitHub
cfngoat by bridgecrewio

Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

updated at April 21, 2024, 4:20 p.m.

Unknown languages

10 +0

90 +0

615 +1

GitHub
credstash by fugue

A little utility for managing credentials in the cloud

updated at April 25, 2024, 12:24 a.m.

Python

70 +0

2,054 +0

217 +0

GitHub
knox by pinterest

Knox is a secret management service

updated at May 3, 2024, 2:09 a.m.

Go

43 +0

1,220 +0

120 +0

GitHub
automatic-api-attack-tool by imperva

Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.

updated at May 3, 2024, 9:32 p.m.

Java

15 +0

438 +0

91 +0

GitHub
terragoat by bridgecrewio

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

updated at May 4, 2024, 7:10 a.m.

HCL

23 +0

1,102 +0

2,336 +3

GitHub
netz by SpectralOps

Discover internet-wide misconfigurations while drinking coffee

updated at May 4, 2024, 7:53 p.m.

Go

14 +0

374 +0

46 +0

GitHub
regula by fugue

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego

updated at May 4, 2024, 10:08 p.m.

Open Policy Agent

30 +0

934 +0

106 +1

GitHub
repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

updated at May 5, 2024, 6:14 a.m.

JavaScript

33 +0

633 +0

101 +0

GitHub
kubectl-kubesec by controlplaneio

Security risk analysis for Kubernetes resources

updated at May 6, 2024, 1:16 a.m.

Go

25 +0

501 +1

37 +0

GitHub
security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

updated at May 6, 2024, 9:35 a.m.

C#

32 +0

919 +1

157 +0

GitHub
cfn_nag by stelligent

Linting tool for CloudFormation templates

updated at May 6, 2024, 4:34 p.m.

Ruby

34 +0

1,224 +1

207 +0

GitHub
brakeman by presidentbeef

A static analysis security vulnerability scanner for Ruby on Rails applications

updated at May 7, 2024, 2 a.m.

Ruby

166 +0

6,915 +3

712 +2

GitHub
progpilot by designsecurity

A static analysis tool for security

updated at May 7, 2024, 9 a.m.

PHP

15 +0

313 +1

63 +0

GitHub
ssllabs-scan by ssllabs

A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.

updated at May 8, 2024, 7:17 a.m.

Go

95 +0

1,681 +0

240 +0

GitHub