security-code-scan by security-code-scan

Vulnerability Patterns Detector for C# and VB.NET

created at Dec. 31, 2017, 9:38 a.m.

32 +0

919 +1

157 +0

repo-supervisor by auth0

Scan your code for security misconfiguration, search for passwords and secrets.

created at Feb. 21, 2017, 8:06 p.m.

33 +0

633 +0

101 +0

dawnscanner by thesp0nge

Dawn is a static analysis security scanner for ruby written web applications. It supports Sinatra, Padrino and Ruby on Rails frameworks.

created at April 4, 2013, 1:06 p.m.

33 +0

731 +0

88 +0

cfn_nag by stelligent

Linting tool for CloudFormation templates

created at Feb. 11, 2016, 1:15 p.m.

34 +0

1,224 +1

207 +0

DevSkim by Microsoft

DevSkim is a set of IDE plugins, language analyzers, and rules that provide security "linting" capabilities.

created at Aug. 3, 2016, 3:30 p.m.

36 +0

884 +1

115 +0

puma-scan by pumasecurity

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.

created at Oct. 19, 2016, 11:02 p.m.

37 +0

438 +1

88 +0

knox by pinterest

Knox is a secret management service

created at March 11, 2016, 7:19 p.m.

43 +0

1,220 +0

120 +0

phpcs-security-audit by FloeDesignTechnologies

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

created at Oct. 22, 2013, 8:26 p.m.

44 +0

702 +1

86 +0

detect-secrets by Yelp

An enterprise friendly way of detecting and preventing secrets in code.

created at Dec. 5, 2017, 12:38 a.m.

48 +0

3,485 +7

433 +2

cosign by sigstore

Code signing and transparency for containers and binaries

created at Feb. 4, 2021, 12:49 p.m.

52 +0

4,115 +20

498 +2

chef-vault by chef

Securely manage passwords, certs, and other secrets in Chef

created at April 8, 2013, 6:05 p.m.

52 +0

407 +0

161 +0

badssl.com by chromium

Memorable site for testing clients against bad SSL configs.

created at April 7, 2015, 10:37 p.m.

53 +0

2,745 +5

184 +1

ThreatMapper by deepfence

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

created at Feb. 6, 2020, 10:30 a.m.

58 +0

4,647 +11

569 +1

checkov by bridgecrewio

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

created at Nov. 27, 2019, 8:55 a.m.

58 +0

6,567 +9

1,049 +5

ansible-lint by ansible

ansible-lint checks playbooks for practices and behavior that could potentially be improved and can fix some of the most common ones for you

created at Aug. 14, 2013, 11:08 a.m.

61 +0

3,347 +3

631 +1

awesome-threat-modelling by hysnsec

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

created at Dec. 29, 2019, 6:30 a.m.

63 +0

1,266 +6

232 +1

hadolint by hadolint

Dockerfile linter, validate inline bash, written in Haskell

created at Nov. 15, 2015, 8:20 p.m.

65 +0

9,777 +41

394 +1

samm by OWASP

SAMM stands for Software Assurance Maturity Model.

created at Aug. 16, 2013, 9:35 a.m.

65 +0

395 +0

134 +0

bandit by PyCQA

Bandit is a tool designed to find common security issues in Python code.

created at April 26, 2018, 9:08 a.m.

67 +0

6,025 +12

582 +1

terrascan by tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

created at Sept. 11, 2017, 3:11 a.m.

67 +0

4,527 +9

492 +0