devsecops · GitHub Topics | GitHub 中文社区

gitleaks

@gitleaks

Gitleaks 是一个开源SAST（静态应用安全测试）命令行工具，用于检测Git 仓库以防止把密码、API 密钥和访问令牌等机密信息硬编码到代码中

security security-tools git golang go secret gitleaks devsecops hacktoberfest

Go18 k

3 天前

trufflehog

@trufflesecurity

TruffleHog 是一个用来探测泄漏密钥的工具，支持扫描的数据源包括git、github、gitlab、S3、文件系统、文件和标准输入

secret trufflehog credentials security devsecops dynamic-analysis security-tools secrets verification hacktoberfest

Go17.34 k

2 小时前

netmaker

@gravitl

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

翻译 - Netmaker制造网络。 Netmaker使在所有环境中的联网变得轻松，快速和安全。

wireguard virtual-network vpn mesh zero-trust devsecops networking network k8s kubernetes

Go9.52 k

6 天前

DevSecOps

@sottlmarek

#Awesome# Ultimate DevSecOps library

翻译 - 终极 DevSecOps 库

security devops devsecops cloud tool aws k8s docker awesome-list azure

5.76 k

1 天前

ThreatMapper

@deepfence

Open Source Cloud Native Application Protection Platform (CNAPP)

翻译 - 识别运行容器、图像、主机和存储库中的漏洞

cloud-native vulnerability-management threat-analysis devsecops secops registry-scanning security-tools cwpp observability cloudsecurity

TypeScript4.85 k

9 小时前

terrascan

@tenable

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

翻译 - 在配置云原生基础架构之前，将整个基础架构中的合规性和安全违规行为作为代码进行检测，以降低风险。

security-tools infrastructure-as-code devsecops devops security terraform aws cloudsecurity cloud-security terrascan

Go4.77 k

10 天前

dalfox

HAHWUL@hahwul

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

翻译 - 🦊DalFox（XSS的查找器）/基于golang的参数分析和XSS扫描工具

xss security bugbounty bugbounty-tool golang xss-scanner devsecops cicd-pipeline vulnerability xss-detection

Go3.77 k

6 天前

ContainerSSH

@ContainerSSH

ContainerSSH: Launch containers on demand

翻译 - ContainerSSH：启动容器的SSH服务器

docker ssh containers kubernetes security-tools devsecops security

Go2.45 k

1 年前

nodejsscan

Ajin Abraham@ajinabraham

nodejsscan is a static security code scanner for Node.js applications.

翻译 - nodejsscan是用于Node.js应用程序的静态安全代码扫描程序。

javascript nodejs static-analysis security security-scanner sast devsecops code-analysis code-review node

CSS2.4 k

9 天前

bearer

@Bearer

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

appsec compliance devsecops devsecops-tools security security-tools dataflow gdpr privacy sast

Go2.04 k

7 天前

cicd-goat

@cider-security-research

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

appsec cicd devops infosec devsecops security jenkins ctf

Python1.95 k

4 个月前

DevSecOps-Playbook

@6mile

This is a step-by-step guide to implementing a DevSecOps program for any size organization

devsecops security playbook

1.89 k

8 个月前

DevSecOps

HAHWUL@hahwul

#新手入门# ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

翻译 - 🔱适用于所有需要DevSecOps的人的收藏和路线图。

devsecops devops roadmap security awesome-list collections tools

Go1.8 k

1 个月前

noseyparker

@praetorian-inc

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.

credentials devsecops penetration-testing rust scanner security security-tools

Rust1.69 k

2 天前

ggshield

@GitGuardian

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

翻译 - GitGuardian Shield：使用GitGuardian保护您的秘密

python cli ci security-tools devsecops shift-left secrets-detection gitguardian

Python1.68 k

2 天前

container-security-checklist

@krol3

Checklist for container security - devsecops practices

翻译 - Checklist for container security - devsecops practices

containers devsecops security

1.53 k

1 年前

YaraHunter

@deepfence

🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

devsecops devsecops-best-practices devsecops-pipeline ioc malware threat-hunting yara yara-scanner ci-cd hacktoberfest

Go1.27 k

8 天前

DongTai

@HXSecurity

Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through p...

翻译 - 东泰是一款交互式应用安全测试（IAST）产品，支持检测OWASP WEB TOP 10漏洞、多请求相关漏洞（包括逻辑漏洞、未授权访问漏洞等）、第三方组件漏洞等。

iast security devsecops appsec-tutorials applicationsecuritymonitoring dongtai-iast dongtai

Python1.25 k

6 个月前

wrongsecrets

Web应用程序安全项目@OWASP

Vulnerable app with examples showing how to not use secrets

翻译 - 有关如何不使用机密的示例

hashicorp-vault terraform-aws java kubernetes secrets secrets-management vault devsecops security aws

Java1.24 k

4 天前

OpenSCA-cli

@XmirrorSecurity

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the ...

翻译 - OpenSCA 是一种软件组合分析 (SCA) 解决方案，支持检测开源组件依赖项和漏洞。

sca devsecops opensca security

Go1.09 k

1 个月前