{{ message }}
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Is your feature request related to a problem? Please describe.
It would be nice if gitleaks had a validate command that would validate examples found in the config rules. Introducing such a feature would speed up rule development and help with debugging.
Describe the solution you'd like
example entry in the rules tables
ex:
[[rules]]
id = "discord-client-secret"
desProwler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Enterprise version:
Security scanner for your Terraform code
Describe the issue
I wouldn't expect to get the alert if not defined explicitly.
Examples
https://github.com/hashicorp/terraform-provider-google/releases/tag/v4.0.0
Version (please complete the following information):
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Collaborative Penetration Test and Vulnerability Management Platform
An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.
Extremely useful when running the tool without halting a pipeline for example.
I currently use a workaround, but something more concrete would be very desira
Ultimate DevSecOps library
Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100
Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding
Bug description
No error. Metrics into product, or metrics dushboard has incorrect info
Kubernetes Goat
nodejsscan is a static security code scanner for Node.js applications.
Centralize Vulnerability Assessment and Management for DevSecOps Team
WireGuard®-based VPN server and firewall
The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number
LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
Checklist for container security - devsecops practices
Python 3.10 has been released for several months now. We should add it to the test matrix.
CMS Scanner: Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues
Awesome PHP Security Resources
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
kube-scan: Octarine k8s cluster risk assessment tool
Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability. All results can be exported to Security Hub, JSON, CSV, Databases, and more for further aggregation and analysis.
Add a description, image, and links to the devsecops topic page so that developers can more easily learn about it.
To associate your repository with the devsecops topic, visit your repo's landing page and select "manage topics."
Hi, when will Ubuntu 22.04 be supported for APT?
Attempting to install on Jammy using APT shows an error: