devsecops

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls and many more additional checks that help on GDPR, HIPAA and other security frameworks.

Security scanner for your Terraform code

Collaborative Penetration Test and Vulnerability Management Platform

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

🛡️ Make your web services secure by default !

🔥Open source RASP solution

nodejsscan is a static security code scanner for Node.js applications.

Centralize Vulnerability Assessment and Management for DevSecOps Team

Kubernetes Goat 🐐 is a "Vulnerable by Design" Kubernetes Cluster. Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security 🔐

🌘🦊 DalFox(Finder Of XSS) / Parameter Analysis and XSS Scanning tool based on golang

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues

Detect secret in source code, scan your repo for leaks. Find secrets with GitGuardian and prevent leaked credentials. GitGuardian is an automated secrets detection & remediation service.

Awesome PHP Security Resources 🕶🐘🔐

kube-scan: Octarine k8s cluster risk assessment tool

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.

Identify vulnerabilities in running containers, images, hosts and repositories

Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.

A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.

Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)