devsecops
There are 1474 repositories under devsecops topic.
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
gitleaks/gitleaks
Find secrets with Gitleaks 🔑
trufflesecurity/trufflehog
Find, verify, and analyze leaked credentials
MobSF/Mobile-Security-Framework-MobSF
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
bytebase/bytebase
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
prowler-cloud/prowler
Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more
gravitl/netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
bunkerity/bunkerweb
🛡️ Open-source and next-generation Web Application Firewall (WAF)
We5ter/Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
firezone/firezone
Enterprise-ready zero-trust access platform built on WireGuard®.
turbot/steampipe
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
aquasecurity/tfsec
Tfsec is now part of Trivy
sottlmarek/DevSecOps
Ultimate DevSecOps library
infobyte/faraday
Open Source Vulnerability Management Platform
madhuakula/kubernetes-goat
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
deepfence/ThreatMapper
Open Source Cloud Native Application Protection Platform (CNAPP)
tenable/terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
devsecops/awesome-devsecops
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
hahwul/dalfox
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
DefectDojo/django-DefectDojo
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
DependencyTrack/dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
deepfence/SecretScanner
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
ContainerSSH/ContainerSSH
ContainerSSH: Launch containers on demand
baidu/openrasp
🔥Open source RASP solution
ajinabraham/nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Checkmarx/kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Bearer/bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
archerysec/archerysec
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
joseadanof/awesome-cloudnative-trainings
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
DevOpsHiveHQ/dynamic-devops-roadmap
A FREE pragmatic DevOps learning to kickstart your DevOps career and knowledge in the Cloud Native era following the Agile MVP style! ⭐ (2025 plans for DevOps, Cloud, Platform, SRE, SWE)
praetorian-inc/noseyparker
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
cider-security-research/cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
hahwul/DevSecOps
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
6mile/DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
pyupio/safety
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
GitGuardian/ggshield
Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.