Devsecops

trivyGo

A comprehensive security scanner that finds vulnerabilities, misconfigurations, secrets, and SBOMs in containers, Kubernetes, code, and clouds.

GitleaksGo

A tool for detecting secrets like passwords, API keys, and tokens in git repositories, directories, and stdin.

truffleHogGo

A secrets scanning tool that discovers, classifies, validates, and analyzes leaked credentials across multiple sources.

truffleHogGo

A secrets scanning tool that discovers, classifies, validates, and analyzes leaked credentials across multiple sources.

Mobile-Security-Framework MobSFJavaScript

An automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis, and security assessment framework.

ProwlerPython

An open-source cloud security platform that automates security and compliance assessments across AWS, Azure, GCP, and other cloud providers.

prowlerPython

An open-source cloud security platform that automates security and compliance assessments across AWS, Azure, GCP, and other cloud providers.

GrypeGo

A vulnerability scanner for container images, filesystems, and SBOMs to detect known security issues.

GrypeGo

A vulnerability scanner for container images, filesystems, and SBOMs to detect known security issues.

clairGo

Static vulnerability analysis for container images (OCI/Docker) via an API that indexes and matches against known security flaws.

ClairGo

Open-source vulnerability static analysis tool for container images (OCI/Docker) via API-based indexing and matching.

Docker bench securityShell

A script that checks for dozens of common best-practices around deploying Docker containers in production.

codeqlCodeQL

Standard libraries and queries for CodeQL, powering GitHub Advanced Security and static application security testing.

SyftGo

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

syftGo

A CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems.

Golang Security CheckerGo

A static analysis tool that scans Go source code for security vulnerabilities by analyzing the AST and SSA representations.

CheckovPython

A static code analysis tool that scans infrastructure as code, container images, and open source packages for security misconfigurations and vulnerabilities.

brakemanRuby

A static analysis security vulnerability scanner for Ruby on Rails applications.

TFSecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

TfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

tfsecGo

A static analysis security scanner for Terraform code that identifies misconfigurations across major cloud providers.

Application SecurityPHP

A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.

AppSecPHP

A curated list of books, articles, websites, and tools for learning application security across multiple programming languages.

Awesome Security Hardening

A curated collection of security hardening guides, best practices, checklists, benchmarks, and tools for various systems and services.

slitherPython

A static analysis framework for Solidity and Vyper smart contracts that detects vulnerabilities, enhances code comprehension, and enables custom analyses.

CosignGo

A tool for signing and verifying container images and other artifacts using the Sigstore framework.

Kubernetes GoatHTML

An intentionally vulnerable Kubernetes cluster environment for hands-on security training and practice.

scorecardGo

Automated security health metrics for open source projects, assessing security best practices and risks.

ThreatMapperTypeScript

Open source CNAPP that hunts for threats in cloud native platforms, ranks them by risk, and visualizes attack paths.

Cybersecurity Blue Team

A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

TerrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

terrascanGo

A static code analyzer that detects security and compliance violations in Infrastructure as Code before provisioning cloud infrastructure.

detect-secretsPython

An enterprise-friendly Python tool for detecting and preventing secrets from entering codebases with a baseline approach.

zizmorRust

A static analysis tool that finds security vulnerabilities and misconfigurations in GitHub Actions workflows.

ssh-auditPython

A security auditing tool for SSH server and client configurations, analyzing algorithms, vulnerabilities, and policy compliance.