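MobSF (Mobile Security Framework) is an automated framework and tool for detecting security issues in mobile applications (Android/iOS/Windows). It can perform static and dynamic analysis for penetration testing, malware analysis and security assessment.
TruffleHog is a tool for detecting leaked secrets. The data sources it can scan include git, GitHub, GitLab, S3, filesystems, files and standard input.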
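Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics re...
Translation - Prowler is a security tool for performing AWS security best-practice assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all the CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf as well as more than 100 additional checks that help meet GDPR, HIPAA and other security requirements.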
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Translation - Netmaker makes networks. Netmaker makes networking across all environments easy, fast and secure.
🛡️ Open-source and next-generation Web Application Firewall (WAF)
Translation - The nginx Docker image, secure by default.
#Awesome#Ultimate DevSecOps library
Open Source Cloud Native Application Protection Platform (CNAPP)
Translation - Identify vulnerabilities in running containers, images, hosts and repositories.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Translation - 🦊 DalFox (Finder of XSS) / a golang-based parameter analysis and XSS scanning tool
DevSecOps, ASPM, Vulnerability Management. All on one platform.
Translation - DefectDojo is an open-source application vulnerability correlation and security orchestration tool.
ContainerSSH: Launch containers on demand
Translation - ContainerSSH: an SSH server that launches containers
nodejsscan is a static security code scanner for Node.js applications.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
This is a step-by-step guide to implementing a DevSecOps program for any size organization
#Getting started#♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
Translation - 🔱 Collection and roadmap for everyone who needs DevSecOps.
Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Translation - GitGuardian Shield: protect your secrets with GitGuardian