An AWS CDK construct to deploy, update, and stage Web Application Firewalls (WAFs) with central governance via AWS Firewall Manager.
Tools for vulnerability scanning and compliance auditing of Docker containers and images using OpenSCAP.
A Django web application for static security analysis (SAST) and malware detection in Android APKs.
A GitHub Action to upload and scan files for malware using VirusTotal's analysis engine.
A tool to verify scripts and executables by hash to prevent supply chain attacks.
A curated collection of threat modeling resources, including methodologies, tools, books, and conference talks.
A research project inventorying RCE-by-design features and code execution risks in CI/CD pipeline tools.
A zero-code Kubernetes sidecar that redacts PII and secrets from application logs using entropy analysis and deterministic regex rules.
A static analysis tool that spots security vulnerabilities in PostgreSQL extension scripts and SQL code.
A Python library to mock SSH servers and define custom commands for testing automation scripts.
A Python tool that scans codebases for potentially dangerous patterns like hardcoded passwords or accidental diff checkins.
A vulnerable-by-design CloudFormation template for learning and testing infrastructure-as-code security scanning tools.
A GitHub Action that runs tfsec with reviewdog on pull requests to enforce Terraform security best practices.
A tool to detect which Go dependencies are vulnerable to GitHub repository hijacking (RepoJacking) attacks.
A security tool for enumerating and exploiting pipeline vulnerabilities in GitHub Actions workflows and self-hosted runners.