#Devsecops
Showing 60 of 289 repositories tagged #devsecops, ranked by stars
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Find secrets with Gitleaks 🔑
Find, verify, and analyze leaked credentials
817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.
Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
🛡️ Open-source and cloud-native Web Application Firewall (WAF)
🐚 Python-powered shell. Full-featured, cross-platform and AI-friendly.
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
Enterprise-ready zero-trust access platform built on WireGuard®.
Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
Tfsec is now part of Trivy
Ultimate DevSecOps library
Open Source Vulnerability Management Platform
DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。让安全不再昂贵,让审计不再复杂。
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Open Source Cloud Native Application Protection Platform (CNAPP)
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:
ContainerSSH: Launch containers on demand
🔥Open source RASP solution
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
nodejsscan is a static security code scanner for Node.js applications.
ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
A FREE pragmatic DevOps learning to kickstart your DevOps career and knowledge in the Cloud Native era following the Agile MVP style! ⭐ (2026 plans for DevOps, Cloud, Platform, SRE, SWE)
Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software
Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
This is a step-by-step guide to implementing a DevSecOps program for any size organization
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.
This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.
Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Curating the best DevSecOps resources and tooling.
🧵 CLI tool for directly patching container images!
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Checklist for container security - devsecops practices
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Vulnerable app with examples showing how to not use secrets
Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.
Scan the world (for secrets)
Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.
Detect leaked secrets + live validation. Map blast radius across your stack. Revoke fast. 950+ rules.
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
Protect against malicious open source packages 🤖
The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.
CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues