Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
DevSecOps
Ultimate DevSecOps library
https://github.com/sottlmarek/DevSecOps
Last synced: 2 days ago
Pre-commit time tools
- https://github.com/awslabs/git-secrets
- https://github.com/tillson/git-hound
- https://github.com/slackhq/goSDL
- https://github.com/we45/ThreatPlaybook
- https://github.com/OWASP/threat-dragon
- https://github.com/threatspec/threatspec
- https://github.com/Threagile/threagile
- https://github.com/thoughtworks/talisman
- https://github.com/OWASP/SEDATED
- https://github.com/SonarSource/sonarlint-core
- https://github.com/microsoft/DevSkim
- https://github.com/Yelp/detect-secrets
- https://github.com/terraform-linters/tflint
- https://github.com/turbot/steampipe-plugin-code
- https://mal-lang.org/#what

Secrets management
- https://github.com/gitguardian/ggshield
- https://github.com/trufflesecurity/truffleHog
- https://github.com/hashicorp/vault
- https://github.com/michenriksen/gitrob
- https://github.com/d1vious/git-wild-hunt
- https://github.com/99designs/aws-vault
- https://github.com/pinterest/knox
- https://github.com/chef/chef-vault
- https://github.com/marketplace/actions/aws-secrets-manager-actions
- Ansible vault docs
- https://github.com/mozilla/sops
- https://github.com/zricethezav/gitleaks

OSS and Dependency management
- https://github.com/AppThreat/cdxgen
- https://github.com/spdx/spdx-spec - Software Package Data Exchange
- https://github.com/snyk/vulncost
- https://github.com/apiiro/combobulator - related attacks detection and prevention through heuristics and insight engine (support multiple dependency schemes)
- https://github.com/DependencyTrack/dependency-track
- https://github.com/jeremylong/DependencyCheck
- https://github.com/retirejs/retire.js/ - library versions with known vulnerabilities
- https://github.com/fabpot/local-php-security-checker
- https://github.com/rubysec/bundler-audit - level verification for bundler
- https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium
- https://github.com/dependabot/dependabot-core
- https://github.com/renovatebot/renovate - platform and multi-language
- https://github.com/anchore/syft
- https://github.com/orgs/CycloneDX/repositories
- https://www.npmjs.com/package/npm-check
- https://securityscorecards.dev - 10) to be considered in the decision making of what libraries to use.
- https://github.com/snyk/snyk
- https://github.com/oss-review-toolkit/ort

Supply chain specific tools
- https://github.com/tektoncd/chains
- https://github.com/grafeas/kritis
- https://github.com/deislabs/ratify
- https://github.com/aquasecurity/chain-bench
- https://github.com/in-toto/attestation/tree/v0.1.0/spec - toto attestation is authenticated metadata about one or more software artifacts
- Official GitHub link - chain Levels for Software Artifacts (SLSA)

SAST
- https://github.com/presidentbeef/brakeman
- https://github.com/PyCQA/bandit
- https://github.com/ajinabraham/libsast
- https://github.com/ajinabraham/nodejsscan
- https://github.com/SonarSource/sonarqube
- https://github.com/securego/gosec
- https://github.com/pyupio/safety
- https://github.com/Bearer/bearer
- https://github.com/MobSF/mobsfscan
- https://semgrep.dev/ - Quality Open source, works on 17+ languages
- https://eslint.org/
- https://find-sec-bugs.github.io/

DAST
- https://github.com/akto-api-security/akto/
- https://github.com/wapiti-scanner/wapiti
- https://github.com/projectdiscovery/nuclei
- https://github.com/purpleteam-labs/purpleteam
- https://github.com/google/oss-fuzz - Fuzz: Continuous Fuzzing for Open Source Software
- https://github.com/sullo/nikto
- https://owasp.org/www-project-zap/
- https://code.google.com/archive/p/skipfish/

Continuous deployment security
- https://github.com/secureCodeBox/secureCodeBox
- https://github.com/OpenSCAP/openscap

Kubernetes
- https://github.com/cyberark/KubiScan
- https://github.com/Shopify/kubeaudit
- https://github.com/controlplaneio/kubesec
- https://github.com/aquasecurity/kube-bench
- https://github.com/zegl/kube-score
- https://github.com/aquasecurity/kube-hunter
- https://github.com/projectcalico/calico
- https://github.com/appvia/krane
- https://github.com/aquasecurity/starboard
- https://github.com/open-policy-agent/gatekeeper
- https://github.com/kinvolk/inspektor-gadget
- https://github.com/stackrox/kube-linter
- https://github.com/snyk-labs/helm-snyk
- https://github.com/controlplaneio/badrobot
- https://github.com/octarinesec/kube-scan
- https://github.com/turbot/steampipe-mod-kubernetes-insights
- https://github.com/turbot/steampipe-mod-kubernetes-compliance
- https://github.com/aquasecurity/trivy-operator - native security toolkit.
- https://github.com/orgs/kubewarden/repositories
- https://github.com/kubernetes-sigs/bom
- https://github.com/clastix/capsule - tenancy and policy-based framework for Kubernetes
- https://github.com/armosec/kubescape - source tool for testing if Kubernetes is deployed according to the NSA-CISA and the MITRE ATT&CK®.

Containers
- https://github.com/goharbor/harbor
- https://github.com/anchore/anchore-engine
- https://github.com/quay/clair
- https://github.com/docker/docker-bench-security
- https://github.com/falcosecurity/falco
- https://github.com/notaryproject/notary
- https://github.com/sigstore/cosign
- https://github.com/containrrr/watchtower
- https://github.com/anchore/grype
- https://github.com/project-copacetic/copacetic
- https://github.com/deepfence/ThreatMapper

Infrastructure as code security
- https://github.com/aquasecurity/trivy
- https://github.com/Checkmarx/kics
- https://github.com/bridgecrewio/checkov
- https://github.com/aquasecurity/tfsec
- https://github.com/aquasecurity/cfsec
- https://github.com/stelligent/cfn_nag
- https://github.com/sysdiglabs/cloud-iac-scanner-action
- https://github.com/turbot/steampipe-mod-terraform-aws-compliance
- https://github.com/turbot/steampipe-mod-terraform-azure-compliance
- https://github.com/turbot/steampipe-mod-terraform-gcp-compliance
- https://github.com/turbot/steampipe-mod-terraform-oci-compliance

Multi-Cloud
- https://github.com/aquasecurity/cloudsploit
- https://github.com/nccgroup/ScoutSuite
- https://github.com/cloudgraphdev/cli
- https://github.com/turbot/steampipe - source benchmarks & dashboards for security & insights.

AWS
- https://github.com/nccgroup/aws-inventory
- https://github.com/tmobile/pacbot
- https://github.com/salesforce/cloudsplaining
- https://github.com/jonrau1/ElectricEye
- https://github.com/duo-labs/cloudmapper
- https://github.com/salesforce/policy_sentry
- https://github.com/bridgecrewio/AirIAM
- https://github.com/airbnb/streamalert - time data analysis framework which empowers you to ingest, analyze, and alert
- https://github.com/jtblin/kube2iam/
- Globaldatanet FMS automation
- Parliament
- Yor - as-code frameworks such as Terraform, CloudFormation, and Serverless
- https://github.com/turbot/steampipe-mod-aws-insights
- https://github.com/turbot/steampipe-mod-aws-compliance
- https://github.com/indeni/dragoneye
- Official AWS opensource repo - source resources
- https://github.com/mlabouardy/komiser

Google cloud platform
- https://github.com/forseti-security/forseti-security
- https://github.com/turbot/steampipe-mod-gcp-insights
- https://github.com/turbot/steampipe-mod-gcp-compliance

Microsoft Azure
- https://github.com/turbot/steampipe-mod-azure-insights
- https://github.com/turbot/steampipe-mod-azure-compliance
- https://github.com/Azure/PSRule.Rules.Azure
- https://github.com/cloudyspells/PSRule.Rules.AzureDevOps

Policy as code
- https://github.com/open-policy-agent/opa - purpose policy engine that enables unified, context-aware policy enforcement across the entire stack
- https://github.com/kyverno/kyverno
- https://github.com/inspec/inspec - source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.
- https://github.com/aws-cloudformation/cloudformation-guard
- https://github.com/mondoohq/cnspec - native and powerful Policy as Code engine to assess the security and compliance of your business-critical infrastructure. cnspec finds vulnerabilities and misconfigurations on all systems in your infrastructure including: public and private cloud environments, Kubernetes clusters, containers, container registries, servers and endpoints, SaaS products, infrastructure as code, APIs, and more.

Chaos engineering
- https://github.com/chaos-mesh/chaos-mesh - native Chaos Engineering platform that orchestrates chaos on Kubernetes environments
- https://netflix.github.io/chaosmonkey/
- https://thalesgroup.github.io/chaos-engine/
- https://github.com/linki/chaoskube
- https://github.com/lucky-sideburn/KubeInvaders
- https://github.com/asobti/kube-monkey
- https://github.com/gremlin/gremlin-python
- https://github.com/aws-samples/aws-fault-injection-simulator-samples
- https://github.com/gruntwork-io/cloud-nuke
- https://litmuschaos.io/ - to-end chaos engineering platform for cloud native infrastructure and applications. Litmus is designed to orchestrate and analyze chaos in their environments.

Orchestration
- https://github.com/StackStorm/st2
- https://github.com/camunda/camunda-bpm-platform
- https://github.com/DefectDojo/django-DefectDojo
- https://github.com/infobyte/faraday
- https://github.com/aws-samples/automated-security-helper
- https://github.com/MobSF/Mobile-Security-Framework-MobSF
- https://github.com/Legit-Labs/legitify
- Hackitect playground