kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx

  •        58

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. KICS stands for Keeping Infrastructure as Code Secure, it is open source and is a must-have for any cloud native project.

https://kics.io
https://github.com/Checkmarx/kics

Tags
Implementation
License
Platform

   




Related Projects

yor - Extensible auto-tagger for your IaC files

  •    Go

Yor is an open-source tool that helps add informative and consistent tags across infrastructure-as-code frameworks such as Terraform, CloudFormation, and Serverless. Yor is built to run as a GitHub Action automatically adding consistent tagging logics to your IaC. Yor can also run as a pre-commit hook and a standalone CLI.

infrastructure-as-code-tutorial - Infrastructure As Code Tutorial

  •    

This tutorial is intended to show what the Infrastructure as Code (IaC) is, why we need it, and how it can help you manage your infrastructure more efficiently. It is practice-based, meaning I don't give much theory on what Infrastructure as Code is in the beginning of the tutorial, but instead let you feel it through the practice first. At the end of the tutorial, I summarize some of the key points about Infrastructure as Code based on what you learn through the labs.

sast-scan - Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies

  •    Python

Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application, and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNU GPL 3.0 or later (GPL-3.0-or-later) license. Please visit the official documentation site for scan to learn about the configuration and CI/CD integration options. We also have a dedicated discord channel for issues and support.

open-cdk - This guide is an opinionated set of tips and best practices for working with the AWS Cloud Development Kit

  •    

The AWS CloudDevelopment Kit (CDK) is a framework built on top of CloudFormation that makes it delightful for users to manage AWS Infrastructure as Code (IaC). When everything is going right, the CDK will make you feel like a devops wizard. That being said, the cloud is complicated, CloudFormation coverage of AWS is incomplete, and the CDK itself (and IaC in general) is still a young framework with little in the way of established best practices. This guide is an opinionated set of tips and best practices for working with the CDK. It is meant to be a living document, updated on an ongoing basis by the community as the CDK and practices around it mature.


tads-boilerplate - Terraform + Ansible + Docker Swarm boilerplate = DevOps on :fire::fire::fire: | Infrastructure as Code

  •    Shell

With T.A.D.S., you will be able to onboard a new developer on your project in less than 3 minutes, with just 3 commands! Even if you have a complex microservices architecture. Forget about your outdated wikis or installation procedures, they are no longer needed! See the example user README to get a preview of what your new procedures could look like.

regula - Regula checks infrastructure as code templates (Terraform, CloudFormation) for AWS, Azure and Google Cloud security and compliance using Open Policy Agent/Rego

  •    Open

Regula is a tool that evaluates CloudFormation and Terraform infrastructure-as-code for potential AWS, Azure, and Google Cloud security and compliance violations prior to deployment. Regula includes a library of rules written in Rego, the policy language used by the Open Policy Agent (OPA) project. Regula works with your favorite CI/CD tools such as Jenkins, Circle CI, and AWS CodePipeline; we’ve included a GitHub Actions example so you can get started quickly. Where relevant, we’ve mapped Regula policies to the CIS AWS, Azure, and Google Cloud Foundations Benchmarks so you can assess compliance posture. Regula is maintained by engineers at Fugue.

CloudQuery - Transforms your cloud infrastructure into SQL database for easy monitoring, governance and security

  •    Go

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabling you to define security, governance, cost and compliance policies with SQL. CloudQuery comes with built-in policy packs such as: AWS CIS.

Red-Baron - Automate creating resilient, disposable, secure and agile infrastructure for Red Teams.

  •    HCL

Red Baron is a set of modules and custom/third-party providers for Terraform which tries to automate creating resilient, disposable, secure and agile infrastructure for Red Teams. Both of these resources were referenced heavily while building this.

terratag - Terratag is a CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources

  •    HCL

Terratag is brought to you with ❤️  by Let your team manage their own environment in AWS, Azure and Google. Governed by your policies and with complete visibility and cost management. Terratag is a CLI tool allowing for tags or labels to be applied across an entire set of Terraform files. Terratag will apply tags or labels to any AWS, GCP and Azure resources.

tfsec - 🔒🌍 Security scanner for your Terraform code

  •    Go

tfsec uses static analysis of your terraform templates to spot potential security issues. Now with terraform v0.12+ support. You can also grab the binary for your system from the releases page.

CloudStack - Infrastructure-as-a-Service (IaaS) software platform

  •    Java

CloudStack CE is an open source Infrastructure-as-a-Service (IaaS) software platform, which enables users to build, manage and deploy compute cloud environments.

Pulumi - Developer-First Infrastructure as Code

  •    Go

The Pulumi Cloud Native Development Platform is the easiest way to create and deploy cloud programs that use containers, serverless functions, hosted services, and infrastructure, on any cloud. Simply write code in your favorite language and Pulumi automatically provisions and manages your AWS, Azure, Google Cloud Platform, and/or Kubernetes resources, using an infrastructure-as-code approach.

SecurityShepherd - Web and mobile application security training platform

  •    Java

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status. We've got fully automated and step by step walkthroughs on our wiki page to help you get Security Shepherd up and running.

awesome-appsec - A curated list of resources for learning about application security

  •    PHP

A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes. Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities. We also have other community projects which might be useful for tomorrow's application security experts.

Clusterfuzz - All your bug are belong to us

  •    Python

ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software. It is used by Google for fuzzing the Chrome Browser, and serves as the fuzzing backend for OSS-Fuzz. Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.

Themis - Crypto library for storage and messaging for ObjC, Android, C++, JS, Python, Ruby and PHP

  •    C

Themis is open-source high-level cryptographic services library for mobile and server platforms, providing secure messaging and secure data storage. Themis provides three important cryptographic services Secure messaging, Secure session and Secure storage.

OpenNebula - Data Center Management Solution

  •    C++

OpenNebula provides solution for building and managing virtualized enterprise data centers and cloud infrastructures to enable on-premise IaaS clouds. OpenNebula interoperability makes cloud an evolution by leveraging existing IT assets, protecting your investments, and avoiding vendor lock-in. penNebula was designed to address the requirements of business use cases from leading companies and across multiple industries, such as Hosting, Telecom, eGovernment, Utility Computing and lot more.

OWASP Juice Shop - Probably the most modern and sophisticated insecure web application

  •    Javascript

OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws. Each packaged distribution includes some binaries for SQLite bound to the OS and node.js version which npm install was executed on.

Dependency-Track - Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain

  •    Java

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.






We have large collection of open source products. Follow the tags from Tag Cloud >>


Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.