A scanner that detects JavaScript libraries with known vulnerabilities and can generate a Software Bill of Materials (SBOM).
An open-source Cloud Security Posture Management (CSPM) tool that scans AWS, Azure, GCP, Oracle, and GitHub for security misconfigurations.
A 'Vulnerable by Design' cloud deployment tool for creating and completing capture-the-flag style security scenarios on AWS and Azure.
A comprehensive guide with diagrams and best practices for implementing corporate network segmentation across four security maturity levels.
A standalone tool that finds unprotected secrets like passwords and API keys in container images and file systems.
A universal secret manager CLI for developers that centralizes secrets from multiple providers and prevents secret sprawl.
Open source Runtime Application Self-Protection (RASP) solution that integrates security directly into application servers via instrumentation.
A security audit tool for Ruby projects that checks Gemfile.lock for vulnerable gem versions and insecure sources.
A CLI tool that scans cloud infrastructure to detect, track, and alert on drift from Terraform IaC definitions.
Static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
A static application security testing (SAST) tool that scans source code to discover, filter, and prioritize security and privacy risks.
KICS is an open-source static analysis tool that finds security vulnerabilities, compliance issues, and misconfigurations in Infrastructure as Code.
A SpotBugs plugin for detecting security vulnerabilities in Java web and Android applications.
A deliberately vulnerable CI/CD environment with 11 challenges to learn and practice CI/CD security.
Automatically generate least-privilege IAM policies for AWS by specifying resource ARNs and access levels.
Automatically generate least-privilege IAM policies for AWS based on resource ARNs and access levels.
Security-focused static analysis tool for Elixir and Phoenix applications, detecting common vulnerabilities.
A curated list of threat modeling resources including books, courses, videos, tools, tutorials, and examples for learning and practicing threat modeling.
A curated list of DevSecOps tools, resources, and training materials for integrating security into the development lifecycle.
A machine learning security engine that preemptively prevents web app and API threats using supervised and unsupervised models.
A tool for quickly evaluating IAM permissions and identifying security risks in AWS accounts through graph-based analysis.