devsecops

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Protect and discover secrets using Gitleaks 🔑

Find credentials all over the place

Prowler is an Open Source Security tool to perform Cloud Security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Security scanner for your Terraform code

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.

Ultimate DevSecOps library

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

WireGuard®-based VPN server and firewall

Open Source Vulnerability Management Platform

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

🛡️ Make your web services secure by default !

DefectDojo is a DevSecOps and vulnerability management tool.

🔥Open source RASP solution