Open Source Cloud Native Application Protection Platform (CNAPP)
Updated Jun 12, 2024 - TypeScript
Automated security decision making under uncertainty
Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework
🧵 CLI tool for directly patching container images using reports from vulnerability scanners
WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
Website, courses documentation, blog and YouTube video tracker.
Vulnerability assessment and penetration testing automation and reporting platform for teams.
BigBang the product
DevSecOps, ASPM, Vulnerability Management. All on one platform.
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Find and verify secrets
Computer Science and Engineering (CSE) is a multidisciplinary field that combines elements of computer science and computer engineering to design, develop, and maintain computer systems and software. It is a rapidly evolving field that plays a crucial role in shaping the modern world.
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
secureCodeBox (SCB) - continuous secure delivery out of the box
🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍