78 Open Source Devsecops Software Projects
Free and open source devsecops code projects including engines, APIs, generators, and tools.
Mobile Security Framework Mobsf 6863 ⭐
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Devsecops Awesome Devsecops 2203 ⭐
An authoritative list of awesome devsecops tools with help from community experiments and contributions.
Django Defectdojo 1410 ⭐
DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
Gg Shield 677 ⭐
Detect secrets in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.
Dependency Track 613 ⭐
Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.
Terrascan 637 ⭐
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Terragoat 344 ⭐
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Application Security Engineer Interview Questions 221 ⭐
Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer.
Chopchop 193 ⭐
ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.
Awesome Threat Modelling 214 ⭐
A curated list of threat modeling resources (books, courses (free and paid), videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
Docker Security Images 162 ⭐
🔐 Docker Container for Penetration Testing & Security
Threatplaybook 151 ⭐
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
Devsecops Devsecops 94 ⭐
This repository contains information about DevSecOps and how to get involved in this community effort.
Njsscan 86 ⭐
njsscan is a semantic aware SAST tool that can find insecure code patterns in your Node.js applications.
Xcloud Devops 61 ⭐
A one-stop Microservice + DevSecOps Cloud platform (SaaS) developed based on Spring Cloud. Its main function modules are: continuous delivery of CI/CD (supports distributed compilation, pptpvpn/OpenVPN/SSH tunnel deployment), certification center, monitoring center, configuration center, resource management center, scheduling center, elastic scaling, shell tools, various tool components (such as HBase / OSS operation and maintenance), document management, timely communication, lightweight risk control, private object storage, version control, etc.
Awesome Devsecops_ru 57 ⭐
A collection of talks and publications on the topic of DevSecOps, in Russian and beyond :)
Security Automation With Ansible 2 55 ⭐
Ansible Playbooks for Security Automation with Ansible2 book
Mixewayhub 44 ⭐
Mixeway is a security orchestrator for vulnerability scanners which enables easy plug-in integration with CI/CD pipelines. The MixewayHub project contains a one-click docker-compose file which configures and runs images from Docker Hub.
Holisticinfosec For Webdevelopers Fascicle0 42 ⭐
📚 Overview 🔒 Tooling 🔒 Process 🔒 Physical 🔒 People 📚
Aws Security Services With Terraform 42 ⭐
Code examples for the AWS Security Blog post: How to use CI/CD to deploy and configure AWS security services with Terraform
Reapsaw 33 ⭐
Reapsaw is a continuous security devsecops tool, which helps in enabling security in the CI/CD pipeline. It supports coverage for multiple programming languages.
Perimeterator 33 ⭐
'Continuous' AWS perimeter monitoring: Periodically scan internet facing AWS resources to detect misconfigured services.
Devops Infra Demo 25 ⭐
Growing repository of Infrastructure as Code demos (initially created for DevOps Wall Street)
Gdprdpiat 24 ⭐
A GDPR Data Protection Impact Assessment (DPIA) tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation. 🇪🇺
Holisticinfosec For Webdevelopers Fascicle1 18 ⭐
📚 VPS 🔒 Network 🔒 Cloud 🔒 Web Applications 📚
Securecodebox V2 22 ⭐
This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.
Sslchecker 15 ⭐
SSLChecker is a serverless API written in Python and running on Azure Functions. The API is based on Alban Diquet's SSLyze library. SSLChecker is used to identify obsolete versions of SSL/TLS (e.g., SSL 3.0, and TLS 1.0/1.1) on an endpoint, or perform a full scan to identify all supported versions of SSL/TLS on an endpoint.
Repo Visibility Alert Action 14 ⭐
Action that alerts org owners of a repository made public. See upcoming `repo-visibility-toggle-sms-action` to toggle it back via SMS reply.
Inspec Meltdownspectre 11 ⭐
Inspec profile to test for the presence of the Meltdown/Spectre vulnerabilities
Cfngoat 27 ⭐
Cfngoat is Bridgecrew's "Vulnerable by Design" Cloudformation repository. Cfngoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Cdkgoat 15 ⭐
CdkGoat is Bridgecrew's "Vulnerable by Design" AWS CDK repository. CdkGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Faraday_agent_dispatcher 11 ⭐
Faraday Agent Dispatcher launches any security tools and sends results to the Faradaysec Platform.