Ci Cd

A self-managed static code analysis platform that conducts continuous inspection of codebases to identify security vulnerabilities, bugs, and code quality issues.

A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.

API security platform that combines discovery, testing, and monitoring capabilities to identify and protect against API vulnerabilities throughout the development lifecycle.

An API security platform that discovers, documents, and tests APIs throughout the development lifecycle while maintaining a centralized catalog of all API assets.

A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.

Backslash Security is an application security platform that uses reachability analysis to enhance SAST and SCA, prioritize vulnerabilities, and provide remediation guidance.

Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.

A visual guide that maps attack vectors and exploitation techniques for identifying vulnerabilities in GitHub Actions configurations and CI/CD pipelines.

StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.

A developer-first, API-driven platform that provides development teams with a suite of tools to improve code quality, security, and engineering performance, seamlessly integrated into their existing development workflows.

A pre-commit security tool that scans source code repositories to detect and prevent secrets like API keys, passwords, and credentials from being committed to version control systems.

A sensitive data detection tool for scanning source code repositories

YaraHunter scans container images, running Docker containers, and filesystems using YARA rules to detect malware indicators and signs of compromise.

A tool to run YARA rules against node_module folders to identify suspicious scripts

KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.

cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.

Deliberately vulnerable CI/CD environment with 11 challenges to practice security.

A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.

A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.

A Docker MultiStage build implementation that integrates CVE scanning into Alpine Linux container builds using Docker 17.05's build-time vulnerability assessment capabilities.

A Python command line tool that scans directories for AWS credentials in files, designed for CI/CD integration to prevent credential exposure in builds.

CVE Ape is an open source tool that creates a local CVE database from the National Vulnerability Database for offline vulnerability searching by package name, vendor, or OS components.