#Devsecops

Showing 60 of 289 repositories tagged #devsecops, ranked by stars

aquasecurity
aquasecurity
trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Score
100
★ 36.8k ⑂ 530 +58/day
Go
gitleaks
gitleaks
gitleaks

Find secrets with Gitleaks 🔑

Score
96
★ 28.0k ⑂ 2.1k +49/day
Go
trufflesecurity
trufflesecurity
trufflehog

Find, verify, and analyze leaked credentials

Score
91
★ 27.0k ⑂ 2.5k +5/day
Go
mukul975
mukul975
Anthropic-Cybersecurity-Skills

817 structured cybersecurity skills for AI agents · Mapped to 6 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF & MITRE F3 (Fight Fraud) · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 29 security domains · Apache 2.0

Score
100
★ 24.9k ⑂ 2.9k +494/day
Python
MobSF
MobSF
Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Score
100
★ 21.4k ⑂ 3.7k +52/day
JavaScript
bytebase
bytebase
bytebase

World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

Score
87
★ 14.2k ⑂ 961 +1/day
Go
prowler-cloud
prowler-cloud
prowler

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Score
89
★ 14.1k ⑂ 2.2k +2/day
Python
gravitl
gravitl
netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Score
83
★ 11.7k ⑂ 646 +1/day
Go
bunkerity
bunkerity
bunkerweb

🛡️ Open-source and cloud-native Web Application Firewall (WAF)

Score
78
★ 10.7k ⑂ 633 +3/day
Python
xonsh
xonsh
xonsh

🐚 Python-powered shell. Full-featured, cross-platform and AI-friendly.

Score
67
★ 9.5k ⑂ 729 +2/day
Python
We5ter
We5ter
Scanners-Box

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Score
99
★ 9.0k ⑂ 2.4k +6/day
firezone
firezone
firezone

Enterprise-ready zero-trust access platform built on WireGuard®.

Score
100
★ 8.7k ⑂ 425 +1/day
Elixir
turbot
turbot
steampipe

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Score
78
★ 7.9k ⑂ 337 +2/day
Go
aquasecurity
aquasecurity
tfsec

Tfsec is now part of Trivy

Score
74
★ 7.0k ⑂ 555 +1/day
Go
sottlmarek
sottlmarek
DevSecOps

Ultimate DevSecOps library

Score
99
★ 6.8k ⑂ 1.2k +6/day
infobyte
infobyte
faraday

Open Source Vulnerability Management Platform

Score
44
★ 6.6k ⑂ 1.1k +5/day
Python
lintsinghua
lintsinghua
DeepAudit

DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。支持中转站。​让安全不再昂贵,让审计不再复杂。

Score
33
★ 6.6k ⑂ 814 +31/day
Python
madhuakula
madhuakula
kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Score
98
★ 5.7k ⑂ 1.0k +7/day
HTML
devsecops
devsecops
awesome-devsecops

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

Score
95
★ 5.4k ⑂ 1.2k
deepfence
deepfence
ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)

Score
100
★ 5.3k ⑂ 636 +1/day
TypeScript
tenable
tenable
terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Score
61
★ 5.2k ⑂ 555
Go
hahwul
hahwul
dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Score
83
★ 5.1k ⑂ 542 +4/day
Rust
DefectDojo
DefectDojo
django-DefectDojo

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

Score
56
★ 4.8k ⑂ 1.9k +1/day
HTML
DependencyTrack
DependencyTrack
dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Score
97
★ 4.0k ⑂ 775 +6/day
Java
deepfence
deepfence
SecretScanner

:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

Score
65
★ 3.4k ⑂ 347
Go
ContainerSSH
ContainerSSH
ContainerSSH

ContainerSSH: Launch containers on demand

Score
94
★ 3.1k ⑂ 107 +1/day
Go
baidu
baidu
openrasp

🔥Open source RASP solution

Score
82
★ 3.0k ⑂ 621
C++
Bearer
Bearer
bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Score
96
★ 2.7k ⑂ 141 +2/day
Go
Checkmarx
Checkmarx
kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

Score
70
★ 2.7k ⑂ 373 +2/day
Open Policy Agent
ajinabraham
ajinabraham
nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

Score
79
★ 2.6k ⑂ 346 +2/day
CSS
archerysec
archerysec
archerysec

ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.

Score
87
★ 2.5k ⑂ 523 +3/day
JavaScript
DevOpsHiveHQ
DevOpsHiveHQ
dynamic-devops-roadmap

A FREE pragmatic DevOps learning to kickstart your DevOps career and knowledge in the Cloud Native era following the Agile MVP style! ⭐ (2026 plans for DevOps, Cloud, Platform, SRE, SWE)

Score
99
★ 2.4k ⑂ 182 +2/day
TypeScript
joseadanof
joseadanof
awesome-cloudnative-trainings

Awesome Trainings from Cloud Native Computing Foundation Projects and Kubernetes related software

Score
90
★ 2.4k ⑂ 765
praetorian-inc
praetorian-inc
noseyparker

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

Score
67
★ 2.3k ⑂ 132
Rust
cider-security-research
cider-security-research
cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

Score
65
★ 2.3k ⑂ 414
Python
hahwul
hahwul
DevSecOps

♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

Score
95
★ 2.1k ⑂ 426 +2/day
Just
6mile
6mile
DevSecOps-Playbook

This is a step-by-step guide to implementing a DevSecOps program for any size organization

Score
64
★ 2.0k ⑂ 343
pyupio
pyupio
safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

Score
91
★ 2.0k ⑂ 193 +2/day
Python
GitGuardian
GitGuardian
ggshield

Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

Score
92
★ 2.0k ⑂ 206 +1/day
Python
ahmedtariq01
ahmedtariq01
Cloud-DevOps-Learning-Resources

This repo includes Books and imp notes related to GCP, Azure, AWS, Docker, K8s, and DevOps. More, exam and interview prep notes.

Score
86
★ 2.0k ⑂ 687 +7/day
m14r41
m14r41
PentestingEverything

Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...

Score
94
★ 1.8k ⑂ 406 +72/day
TypeScript
ossf
ossf
cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Score
96
★ 1.7k ⑂ 637 +2/day
Python
jakob-pennington
jakob-pennington
awesome-devsecops

Curating the best DevSecOps resources and tooling.

Score
77
★ 1.7k ⑂ 243 +4/day
project-copacetic
project-copacetic
copacetic

🧵 CLI tool for directly patching container images!

Score
89
★ 1.7k ⑂ 121 +14/day
Go
openappsec
openappsec
openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Score
98
★ 1.6k ⑂ 127 +3/day
C++
krol3
krol3
container-security-checklist

Checklist for container security - devsecops practices

Score
67
★ 1.6k ⑂ 226
akto-api-security
akto-api-security
akto

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Score
91
★ 1.5k ⑂ 285
Java
lunasec-io
lunasec-io
lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

Score
57
★ 1.5k ⑂ 167
TypeScript
OWASP
OWASP
wrongsecrets

Vulnerable app with examples showing how to not use secrets

Score
93
★ 1.4k ⑂ 589
Java
tillson
tillson
git-hound

Fast GitHub recon tool. Scans for leaked secrets across all of GitHub, not just known repos and orgs. Support for GitHub dorks.

Score
82
★ 1.4k ⑂ 204 +1/day
Go
betterleaks
betterleaks
betterleaks

Scan the world (for secrets)

Score
57
★ 1.4k ⑂ 102 +2/day
Go
aquasecurity
aquasecurity
trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

Score
90
★ 1.4k ⑂ 354 +5/day
Shell
owasp-noir
owasp-noir
noir

Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.

Score
89
★ 1.3k ⑂ 141
Crystal
bridgecrewio
bridgecrewio
terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Score
97
★ 1.3k ⑂ 5.8k +2/day
HCL
CyberStrikeus
CyberStrikeus
CyberStrike

AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.

Score
88
★ 1.2k ⑂ 192 +75/day
TypeScript
mongodb
mongodb
kingfisher

Detect leaked secrets + live validation. Map blast radius across your stack. Revoke fast. 950+ rules.

Score
87
★ 1.2k ⑂ 108 +1/day
Rust
XmirrorSecurity
XmirrorSecurity
OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Score
83
★ 1.1k ⑂ 134
Go
safedep
safedep
vet

Protect against malicious open source packages 🤖

Score
85
★ 1.1k ⑂ 103 +5/day
Go
OWASP
OWASP
DevSecOpsGuideline

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

Score
87
★ 1.1k ⑂ 253 +3/day
Python
ajinabraham
ajinabraham
CMSScan

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Score
54
★ 1.1k ⑂ 146
CSS
Related Topics
#security#security-tools#devops#kubernetes#owasp#containers#docker#security-automation#appsec#vulnerability-scanners#scanning

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly