26 tools and resources
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
BuiltWith API client
Monitors GitHub for leaked secrets
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
Open Redirection Analyzer
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
Mitigate security concerns of Dependency Confusion supply chain security risks.
A learning and training project demonstrating common configuration errors in cloud environments.
Metadata repository with installation tools and cloud provider support.
Create Docker container images for testing and long-term use.
A game packed with real-life examples of how not to store secrets in software, with 46 challenges to solve.
A DevSecOps command line asset inventory tool
Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
A scalable python framework for security research and development teams.
A web security tool that scans for vulnerabilities and known attacks.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
A centralized platform for managing open source components and automating software supply chain security.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
Docker's Actuary automates security best-practices checks for Docker containers.
A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers
Learn how to integrate security into Agile development teams for high performance
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
