An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with devsecops

A curated list of projects in awesome lists tagged with devsecops.

https://github.com/aquasecurity/trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

containers devsecops docker go golang hacktoberfest iac infrastructure-as-code kubernetes misconfiguration security security-tools vulnerability vulnerability-detection vulnerability-scanners

Last synced: 12 May 2025

https://github.com/mobsf/mobile-security-framework-mobsf

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security

Last synced: 09 Sep 2025

https://github.com/MobSF/Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

android-security api-testing apk cwe devsecops dynamic-analysis ios-security malware-analysis mastg masvs mobile-security mobsf mstg owasp rest runtime-security static-analysis web-security windows-mobile-security

Last synced: 19 Mar 2025

https://github.com/bytebase/bytebase

World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

cicd data-masking data-security database-access dbeaver devsecops flyway gitops liquibase mongodb mysql oracle pam postgresql schema-migrations security snowflake sql-client sqlserver tidb

Last synced: 12 May 2025

https://github.com/Bytebase/Bytebase

World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

cicd data-masking data-security database-access dbeaver devsecops flyway gitops liquibase mongodb mysql oracle pam postgresql schema-migrations security snowflake sql-client sqlserver tidb

Last synced: 01 Apr 2025

https://github.com/prowler-cloud/prowler

Prowler is an Open Cloud Security Platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more

aws azure cis-benchmark cloud cloudsecurity compliance cspm devsecops forensics gcp gdpr hardening iam multi-cloud python security security-audit security-hardening security-tools well-architected

Last synced: 13 May 2025

https://github.com/gravitl/netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

cloud devsecops k8s kubernetes mesh mesh-network network networking overlay-network security self-hosted virtual-network virtual-networking vpn vpn-server wg-quick wireguard wireguard-ui wireguard-vpn zero-trust

Last synced: 12 May 2025

https://github.com/turbot/steampipe

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

aws azure cis cloud cnapp cspm devops devsecops etl gcp golang hacktoberfest kubernetes postgresql postgresql-fdw security sqlite steampipe terraform zero-etl

Last synced: 14 May 2025

https://github.com/tenable/terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

architecture aws aws-security azure-security cloud-security cloudsecurity devops devsecops gcp-security iac infrastructure infrastructure-as-code kubernetes sast scans security security-tools security-violations terraform terrascan

Last synced: 12 May 2025

https://github.com/madhuakula/kubernetes-goat

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

blueteam cloud-native cloud-security cloudsecurity container container-security devsecops docker hacking infrastructure k8s kubernetes kubernetes-goat kubernetes-security owasp pentesting redteam security vulnerable-app

Last synced: 13 May 2025

https://github.com/hahwul/dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

bugbounty bugbounty-tool cicd-pipeline devsecops golang hacktoberfest security vulnerability xss xss-bruteforce xss-detection xss-exploit xss-scanner

Last synced: 12 May 2025

https://github.com/dependencytrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection

Last synced: 13 May 2025

https://github.com/DependencyTrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection

Last synced: 30 Mar 2025

https://github.com/baidu/openrasp

🔥Open source RASP solution

devsecops iast rasp security waf

Last synced: 14 May 2025

https://github.com/containerssh/containerssh

ContainerSSH: Launch containers on demand

containers devsecops docker kubernetes security security-tools ssh

Last synced: 14 May 2025

https://github.com/ContainerSSH/ContainerSSH

ContainerSSH: Launch containers on demand

containers devsecops docker kubernetes security security-tools ssh

Last synced: 15 Mar 2025

https://github.com/ajinabraham/nodejsscan

nodejsscan is a static security code scanner for Node.js applications.

code-analysis code-review devsecops javascript lint node node-security nodejs nodejsscan sast security security-scanner static-analysis

Last synced: 14 May 2025

https://github.com/cider-security-research/cicd-goat

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

appsec cicd ctf devops devsecops gitlab infosec jenkins security

Last synced: 04 Apr 2025

https://github.com/6mile/devsecops-playbook

This is a step-by-step guide to implementing a DevSecOps program for any size organization

devsecops playbook security

Last synced: 25 Aug 2025

https://github.com/6mile/DevSecOps-Playbook

This is a step-by-step guide to implementing a DevSecOps program for any size organization

devsecops playbook security

Last synced: 10 Apr 2025

https://github.com/praetorian-inc/noseyparker

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data and Git history.

credentials devsecops noseyparker penetration-testing rust scanner secrets secrets-detection security security-tools

Last synced: 14 May 2025

https://github.com/pyupio/safety

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

cicd dependency-management devsecops open-source-security package-management python security security-vulnerability travis vulnerability-detection vulnerability-scanners

Last synced: 12 Nov 2025

https://github.com/checkmarx/kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners

Last synced: 12 Mar 2025

https://github.com/Checkmarx/kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

appsec cloudnative devsecops golang hacktoberfest iac infrastructure-as-code open-policy-agent security security-tools vulnerability-detection vulnerability-scanners

Last synced: 14 Mar 2025

https://github.com/gitguardian/ggshield

Detect and validate 400+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

apikey code credentials devsecops key leak precommit scanning secrets-detection secrets-management security

Last synced: 13 May 2025

https://github.com/GitGuardian/ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

apikey code credentials devsecops iac iac-security infrastructure-as-code key leak precommit scanning secrets-detection secrets-management security

Last synced: 24 Mar 2025

https://github.com/astteam/codeql

"Understanding CodeQL in Depth" (《深入理解CodeQL》): Finding vulnerabilities with CodeQL.

0e0w codeql codeql-queries devsecops hackaspx hackgolang hackjava javasec learning-codeql ql sast semmle-ql

Last synced: 09 Aug 2025

https://github.com/ahmedtariq01/cloud-devops-learning-resources

This repo includes books and important notes related to GCP, Azure, AWS, Docker, K8s, and DevOps, plus exam and interview prep notes.

ansible aws azure azure-devops cicd cloudcomputing cloudnative cloudsecurity containers devops devops-tools devsecops docker gcp jenkins kubernetes linux multicloud notes terraform

Last synced: 15 May 2025

https://github.com/ASTTeam/CodeQL

"Understanding CodeQL in Depth" (《深入理解CodeQL》): Finding vulnerabilities with CodeQL.

0e0w codeql codeql-queries devsecops hackaspx hackgolang hackjava javasec learning-codeql ql sast semmle-ql

Last synced: 05 Apr 2025

https://github.com/krol3/container-security-checklist

Checklist for container security - devsecops practices

containers devsecops security

Last synced: 22 Mar 2025

https://github.com/lunasec-io/lunasec

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

compliance continuous-delivery cve-scanning cybersecurity dependency-analysis devsecops gdpr log4shell pci-dss sbom sbom-generator scanning scanning-tool security security-tools soc2 software-composition-analysis tokenization web-security zero-trust

Last synced: 15 May 2025

https://github.com/intel/cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

cve cvss devsecops hacktoberfest python sbom sbom-tool security security-automation security-tools swrepo system-tools vulnerabilities vulnerability

Last synced: 13 May 2025

https://github.com/ahmedtariq01/Cloud-DevOps-Learning-Resources

This repo includes books and important notes related to GCP, Azure, AWS, Docker, K8s, and DevOps, plus exam and interview prep notes.

ansible aws azure azure-devops cicd cloudcomputing cloudnative cloudsecurity containers devops devops-tools devsecops docker gcp jenkins kubernetes linux multicloud notes terraform

Last synced: 16 Apr 2025

https://github.com/deepfence/yarahunter

🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

ci-cd devsecops devsecops-best-practices devsecops-pipeline hacktoberfest ioc malware threat-hunting yara yara-scanner

Last synced: 14 May 2025

https://github.com/bridgecrewio/terragoat

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

aws-security azure-security cloud-security devsecops gcp-security goat terraform

Last synced: 23 Apr 2025

https://github.com/openappsec/openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo includes the main code and logic.

api-security application-security appsec devsecops kong kubernetes nginx nginx-proxy-manager owasp owasp-top-ten rate-limiting security-tools threat-prevention waf web-application-firewall

Last synced: 29 Dec 2025

https://github.com/xmirrorsecurity/opensca-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely noted by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 14 May 2025

https://github.com/XmirrorSecurity/OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance, with accuracy widely noted by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 26 Apr 2025

https://github.com/akto-api-security/akto

Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposure

api-discovery api-security api-security-testing api-testing authentication authorization devsecops devsecops-pipeline hacktoberfest hacktoberfest2023 idor owasp-top-10 security security-testing sensitive-data-exposure threat-detection

Last synced: 05 Jan 2026

https://github.com/ajinabraham/cmsscan

CMS Scanner: Scan WordPress, Drupal, Joomla, vBulletin websites for security issues

automation devsecops drupal joomla security security-dashboard vbulletin wordpress

Last synced: 12 Apr 2025

https://github.com/ajinabraham/CMSScan

CMS Scanner: Scan WordPress, Drupal, Joomla, vBulletin websites for security issues

automation devsecops drupal joomla security security-dashboard vbulletin wordpress

Last synced: 02 Apr 2025

https://github.com/aquasecurity/trivy-action

Runs Trivy as a GitHub Action to scan your Docker container image for vulnerabilities

devsecops github-actions scanner scanning security tools vulnerability

Last synced: 14 May 2025

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 03 Apr 2025

https://github.com/jonrau1/ElectricEye

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

asset-management attack-surface-management aws aws-audit aws-compliance aws-security cloud-auditing cloud-compliance-reporting cloud-security compliance devsecops gcp-security google-cloud-security multicloud saas-security security-audit security-engineering security-hub security-monitoring security-tools

Last synced: 01 Apr 2025

https://github.com/OWASP/DevSecOpsGuideline

The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline.

devsecops owasp security shift-left

Last synced: 18 Jul 2025

https://github.com/ShiftLeftSecurity/sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependencies. CI and Git friendly.

appsec dependency-scan devsecops license-scan sast scanners workflow

Last synced: 07 Apr 2025

https://github.com/legit-labs/legitify

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

ci devops devsecops github gitlab golang sdlc-security security security-scanner supply-chain-security

Last synced: 15 May 2025

https://github.com/Legit-Labs/legitify

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

ci devops devsecops github gitlab golang sdlc-security security security-scanner supply-chain-security

Last synced: 01 Apr 2025

https://github.com/aquasecurity/chain-bench

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

cis devsecops go golang misconfiguration open-policy-agent security security-tools software-supply-chain software-supply-chain-security vulnera

Last synced: 13 Oct 2025

https://github.com/owasp-noir/noir

Attack surface detector that identifies endpoints by static analysis

attack-surface-detector attack-surfaces crystal crystal-lang devsecops endpoints hacktoberfest noir owasp owasp-noir pentesting security

Last synced: 15 May 2025

https://github.com/michelin/chopchop

ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.

devsecops scanning security

Last synced: 13 Apr 2025

https://github.com/hxsecurity/dongtai-agent-java

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

agent applicationsecuritymonitoring appsec-tutorials devsecops dongtai-iast iast java security-scan

Last synced: 16 May 2025

https://github.com/HXSecurity/DongTai-agent-java

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

agent applicationsecuritymonitoring appsec-tutorials devsecops dongtai-iast iast java security-scan

Last synced: 11 Jul 2025

https://github.com/ossillate-inc/packj

Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

developer-tools devops devops-tools devsecops dynamic-analysis malware malware-analysis npm pypi python rubygems sandboxing security security-audit security-tools static-analysis supply-chain supply-chain-security vulnerability vulnerability-scanners

Last synced: 07 May 2025

https://github.com/michelin/ChopChop

ChopChop is a CLI to help developers scan endpoints and identify exposure of sensitive services/files/folders.

devsecops scanning security

Last synced: 21 Apr 2025

https://github.com/security-prince/Application-Security-Engineer-Interview-Questions

Some of the questions which I was asked when I was giving interviews for Application/Product Security roles. I am sure this is not an exhaustive list but I felt these questions were important to be asked and some were challenging to answer

application-security appsec devsecops infosec interview-questions sdlc security-engineer-interview security-engineering security-team vulnerability webappsec websec websecurity websecurity-reference xss

Last synced: 17 Apr 2025

https://github.com/opengovern/opensecurity

opensecurity: open-source security and compliance. See and secure your cloud, containers, code, networks, deployments, devices. Define your rules, get precise checks, fix gaps fast. Streamlined audits. No fluff.

audit cloud-security compliance container-security cspm devsecops optimization oss policy-as-code security security-auditing-tool

Last synced: 15 May 2025

https://github.com/OWASP/glue

Application Security Automation

ci-cd devsecops owasp tool

Last synced: 10 May 2025

https://github.com/Privado-Inc/privado

Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate accurate Play Store Data Safety Report.

android-privacy-tools appsec compliance devprivops devsecops gdpr gdpr-compliant hacktoberfest play-store-data-safety privacy-by-design privacy-engineering privacy-labels privacy-policy static-analysis

Last synced: 30 Mar 2025

https://github.com/fluidattacks/makes

A software supply chain framework powered by Nix.

build cd ci devops devsecops nix

Last synced: 15 May 2025

https://github.com/step-security/github-actions-goat

GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment

actions attack-simulation attack-simulator devsecops hacking security

Last synced: 15 May 2025

https://github.com/Vinum-Security/kubernetes-security-checklist

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)

checklist cloud-native-security container-security devsecops kubernetes kubernetes-security requirments security

Last synced: 29 Apr 2025

https://github.com/baidu-security/openrasp-iast

IAST gray-box scanning tool

devsecops iast rasp security-tools

Last synced: 11 Jul 2025

https://github.com/stackql/stackql

Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

asset-management cloud cloud-automation cloud-config cloud-operations cloud-security cspm devops devsecops hacktoberfest infrastructure-as-code openapi3 sql stackql

Last synced: 04 Apr 2025

https://github.com/dowjones/hammer

Dow Jones Hammer: Protect the cloud with the power of the cloud (AWS)

aws aws-security cloudsecurity devsecops

Last synced: 05 Apr 2025

https://github.com/MandConsultingGroup/porch-pirate

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.

devsecops osint postman recon scanning secrets security

Last synced: 20 Apr 2025

https://github.com/mandconsultinggroup/porch-pirate

Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.

devsecops osint postman recon scanning secrets security

Last synced: 25 Oct 2025