devsecops

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Enterprise-ready zero-trust access platform built on WireGuard®.

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Tfsec is now part of Trivy

Ultimate DevSecOps library

Open Source Vulnerability Management Platform

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Open Source Cloud Native Application Protection Platform (CNAPP)

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

DevSecOps, ASPM, Vulnerability Management. All on one platform.