Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/northwood-labs/devsec-tools

Tools that are useful for DevSecOps workflows.
https://github.com/northwood-labs/devsec-tools

cli docker dockerfile github-actions go golang golang-library sha256 sha256-hash

Last synced: 22 days ago
JSON representation

Tools that are useful for DevSecOps workflows.

Host: GitHub
URL: https://github.com/northwood-labs/devsec-tools
Owner: northwood-labs
License: apache-2.0
Created: 2024-02-12T22:51:47.000Z (11 months ago)
Default Branch: main
Last Pushed: 2024-12-24T04:07:07.000Z (28 days ago)
Last Synced: 2024-12-24T05:20:28.418Z (28 days ago)
Topics: cli, docker, dockerfile, github-actions, go, golang, golang-library, sha256, sha256-hash
Language: Go
Homepage:
Size: 407 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 81
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.txt
- Security: SECURITY.md

Awesome Lists containing this project

README

# DevSec Tools

DevSec Tools is a suite of tools that are useful for DevSecOps workflows. Its goal is to simplify and streamline the process of developing, securing, and operating software and systems for the web.

This package provides both lower-level Go libraries, as well as a CLI tool for running security scans. It is the CLI equivalent to [devsec.tools](https://devsec.tools).

## CLI usage

```bash
devsec-tools --help
```

### Check supported HTTP versions for a domain

> [!TIP]
> If you do not provide a _scheme_, `devsec-tools` will assume `https:`. If you explicitly want to test `http:`, you should specify that in the domain name.

```bash
devsec-tools http --help
devsec-tools http apple.com
```

```bash
devsec-tools http http://localhost:8080
```

### Check supported TLS versions and cipher suites for a domain

```bash
devsec-tools tls --help
devsec-tools tls google.com
```

## Modes

### CLI

When installed locally, `devsec-tools` will run in _CLI-mode_ and operate just like any other CLI tool.

### Lambda

When deployed to an AWS Lambda environment, `devsec-tools` will run in _Lambda-mode_ and will look for events received from endpoints via Amazon API Gateway v2.

### Other?

In the future we may add more modes, depending on support from cloud serverless providers.

We are also planning to investigate the feasibility of [WASM](https://webassembly.org)/[WASI](https://wasi.dev) compatibility, as well as compatibility with [TinyGo](https://tinygo.org).