trufflehog by trufflesecurity

Find and verify secrets

updated at May 5, 2024, 2:52 p.m.

Go

166 -2

13,955 +62

1,516 +6

GitHub
gosec by GoASTScanner

Go security checker

updated at May 5, 2024, 2:30 p.m.

Go

89 +0

7,467 +13

585 +2

GitHub
awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and initial phases of security review.

updated at May 5, 2024, 2:07 p.m.

Dockerfile

63 +1

1,260 +7

231 +0

GitHub
flawfinder by david-a-wheeler

a static analysis tool for finding vulnerabilities in C/C++ source code

updated at May 5, 2024, 2:04 p.m.

Python

16 +1

450 +2

81 +2

GitHub
harden-runner by step-security

Network egress filtering and runtime security for GitHub-hosted and self-hosted runners

updated at May 5, 2024, 2:03 p.m.

TypeScript

7 +0

514 +11

41 +1

GitHub
ansible-lint by ansible

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

updated at May 5, 2024, 12:59 p.m.

Python

61 +0

3,344 +8

630 +2

GitHub
conftest by open-policy-agent

Write tests against structured configuration data using the Open Policy Agent Rego query language

updated at May 5, 2024, 10:47 a.m.

Go

27 +0

2,790 +2

296 +0

GitHub
gopass by gopasspw

The slightly more awesome standard unix password manager for teams

updated at May 5, 2024, 9:19 a.m.

Go

78 +0

5,659 +10

474 +0

GitHub
repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

updated at May 5, 2024, 6:14 a.m.

JavaScript

33 +0

633 -1

101 +0

GitHub
checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

updated at May 5, 2024, 6 a.m.

Python

58 +0

6,558 +24

1,044 +5

GitHub
trivy by aquasecurity

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

updated at May 5, 2024, 2:31 a.m.

Go

169 +0

21,437 +61

2,111 +5

GitHub
gitleaks by gitleaks

Protect and discover secrets using Gitleaks 🔑

updated at May 5, 2024, 2:25 a.m.

Go

153 +0

15,308 +67

1,315 +5

GitHub
sops by getsops

Simple and flexible tool for managing secrets

updated at May 5, 2024, 2:22 a.m.

Go

117 +0

15,173 +49

814 +2

GitHub
ThreatMapper by deepfence

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

updated at May 5, 2024, 2:21 a.m.

TypeScript

58 +0

4,636 +6

568 +0

GitHub
security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

updated at May 5, 2024, 1:53 a.m.

C#

32 +0

918 +5

157 +0

GitHub
kube-score by zegl

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

updated at May 4, 2024, 11:48 p.m.

Go

23 +1

2,588 +1

174 +1

GitHub
docker-bench-security by docker

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

updated at May 4, 2024, 10:38 p.m.

Shell

237 +0

8,917 +13

994 +1

GitHub
regula by fugue

Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego

updated at May 4, 2024, 10:08 p.m.

Open Policy Agent

30 +0

934 +3

105 -1

GitHub
juice-shop by juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

updated at May 4, 2024, 9:28 p.m.

TypeScript

156 +0

9,558 +26

9,349 +46

GitHub
netz by SpectralOps

Discover internet-wide misconfigurations while drinking coffee

updated at May 4, 2024, 7:53 p.m.

Go

14 +0

374 +1

46 +0

GitHub