We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.
static-analysis dynamic-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing web-security malware-analysis runtime-security ci-cd devsecops apk ipabunkerized-nginx - nginx Docker image secure by default.
nginx Docker image secure by default. Avoid the hassle of following security best practices "by hand" each time you need a web server or reverse proxy. Bunkerized-nginx provides generic security configs, settings and tools so you don't need to do it yourself.
docker nginx security reverse-proxy clamav cybersecurity web-security hardening modsecurity dnsbl devsecops antibot crowdsec bunkerized-nginx security-tuningcheckov - Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew
Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform, Terraform plan, Cloudformation, Kubernetes, Dockerfile, Serverless or ARM Templates and detects security and compliance misconfigurations using graph-based scanning.
kubernetes aws devops cloudformation azure terraform static-analysis gcp infrastructure-as-code scans compliance helm-charts aws-security devsecops azure-security policy-as-code gcp-security kubernetes-security terraform-securityCMSScan - CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports.
wordpress drupal joomla vbulletin security automation devsecops security-dashboarddjango-DefectDojo - DefectDojo is an open-source application vulnerability correlation and security orchestration tool
DefectDojo is a security program and vulnerability management tool. DefectDojo allows you to manage your application security program, maintain product and application information, schedule scans, triage vulnerabilities and push findings into defect trackers. Consolidate your findings into one source of truth with DefectDojo. Try out DefectDojo in our testing environment.
vulnerability-databases django security owasp analytics vulnerability-management automation security-automation security-orchestration devsecops vulnerability-correlationDependency-Track - Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
security owasp bom vulnerabilities vulndb appsec component-analysis nvd vulnerability-detection sca software-security security-automation devsecops software-composition-analysis bill-of-materials ossindex purl package-url sbom cyclonedxkube-scan - kube-scan: Octarine k8s cluster risk assessment tool
Try our free Kubernetes risk assessment tool today. Run it on any cluster at any time. No data leaves your cluster. We do not collect any information. For more information on Octarine see https://www.octarinesec.com. Kube-Scan gives a risk score, from 0 (no risk) to 10 (high risk) for each workload. The risk is based on the runtime configuration of each workload (currently 20+ settings). The exact rules and scoring formula are part of the open-source framework KCCSS, the Kubernetes Common Configuration Scoring System.
kubernetes security devops security-audit k8s cloud-native security-scanner security-tools devsecops security-scannersterragoat - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
terraform aws-security goat devsecops cloud-security azure-security gcp-securityNodeJsScan - NodeJsScan is a static security code scanner for Node.js applications.
Static security code scanner (SAST) for Node.js applications. The command line interface (CLI) allows you to integrate NodeJsScan with DevSecOps CI/CD pipelines. The results are in JSON format. When you use CLI the results are never stored with NodeJsScan backend.
nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node node-securitysast-scan - Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies
Scan is a free open-source security tool for modern DevOps teams. With an integrated multi-scanner based design, Scan can detect various kinds of security flaws in your application, and infrastructure code in a single fast scan without the need for any remote server. Scan is purpose built for workflow integration with nifty features such as automatic build breaker, results baseline and PR summary comments. Scan products are open-source under a GNU GPL 3.0 or later (GPL-3.0-or-later) license. Please visit the official documentation site for scan to learn about the configuration and CI/CD integration options. We also have a dedicated discord channel for issues and support.
workflow appsec scanners license-scan devsecops sast dependency-scanglue - Application Security Automation
Glue is a framework for running a series of tools. Generally, it is intended as a backbone for automating a security analysis pipeline of tools. Checkout the Playground to get a better understanding of Glue's features and how you can use them.
ci-cd devsecops tool owaspsecurity-benchmarks - GSA Security Benchmarks and Tools
Welcome to the General Services Administration Security Benchmarks repository. Here you can find items to help implement GSA Security Benchmarks, Infrastructure As Code, and other tools for our DevSecOps work. The GSA publishes security guides for various operating systems and applications commonly used at the agency. For more information, please refer to the published guides on insite.gsa.gov (only accessible with GSA account).
devsecopsaws-pipeline - Build a CI/CD for Microservices and Serverless Functions in AWS :cloud:
Build a CI/CD for Microservices and Serverless Functions in AWS :cloud:
aws devops devsecops docker lambda serverless terraform packer jenkinshungryfox - Monitoring for leaks of sensitive information in git repositories
HungryFox is a software for continuous search for leaks of sensitive information like passwords, api-keys, private certificates and etc in your repositories. HungryFox differs from other solutions as it can work as a daemon and efficiently scans each new commit in repo and sends notification about found leaks.
leak secret password security devsecops gitmobsf-ci - All that is required to run MobSF in the ci
This repo contains all the is required to run MobSF in the CI. MobSF is a security tool that can scan APK/IPA and report various security issues. By running it in the CI, you can find those issues earlier, and fix them. To learn more about what it MobSF and what it can detect, checkout the blog post. To parse the report, use Glue - see in the next section how.
devsecops mobsf cicd automation security-testing mobileHolisticInfoSec-For-WebDevelopers-Fascicle2 - :books: IoT :lock: Mobile :books:
The contents of Fascicle 2 that's a work in progress is listed below, and can be found at the books landing page. If there is something you would like to see included in this fascicle, please submit an issue for consideration.
devops security security-audit security-review security-testing devsecops book hacking iot iot-testing iot-security iot-security-testing threat-modeling infosec mobile mobile-security mobile-security-testing android booksdocker-security-images - :closed_lock_with_key: Docker Container for Penetration Testing & Security
Update: Docker Images now as well on Quay.io available.
docker docker-security penetration-testing secops devops infosec devsecops cybersecurity cyber-security it-security container container-security container-hardening pentesting pentest pentest-toolsecurity-automation-with-ansible-2 - Ansible Playbooks for Security Automation with Ansible2 book
This repository contains all the code, playbooks, details regarding the book on Security Automation with Ansible2.
ansible devops book automation security devsecops secdevopshammer - Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
Dow Jones Hammer is a multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources, across all regions and accounts. It has near real-time reporting capabilities (e.g. JIRA, Slack) to provide quick feedback to engineers and can perform auto-remediation of some misconfigurations. This helps to protect products deployed on cloud by creating secure guardrails. Dow Jones Hammer documentation is available via GitHub Pages at https://dowjones.github.io/hammer/.
devsecops cloudsecurity aws aws-security
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
