devsecops

一个漏洞扫描工具，可用于扫描容器镜像、系统文件、Git仓库、以及配置和硬编码密钥等

#大语言模型#Gitleaks 是一个开源SAST（静态应用安全测试）命令行工具，用于检测Git 仓库以防止把密码、API 密钥和访问令牌等机密信息硬编码到代码中

TruffleHog 是一个用来探测泄漏密钥的工具，支持扫描的数据源包括git、github、gitlab、S3、文件系统、文件和标准输入

MobSF （移动端安全框架）是一个自动化的移动端应用程序(Android/iOS/Windows)安全问题检出的框架和工具，可以进行静态和动态分析的渗透测试，恶意软件分析和安全评估

Bytebase 是一个开源数据库 DevOps 工具，帮助应用开发者和 DBA 管理数据库 Schema (DDL) 和数据 (DML) 的生命周期

Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, hardening ...

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Enterprise-ready zero-trust access platform built on WireGuard®.

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Tfsec is now part of Trivy

#Awesome#Ultimate DevSecOps library

Open Source Vulnerability Management Platform

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Open Source Cloud Native Application Protection Platform (CNAPP)

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Open-Source Unified Vulnerability Management, DevSecOps & ASPM