Devsecops

KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.

Container image definitions that create standardized testing environments for software applications with consistent dependencies and configurations.

An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.

cfn-nag is a static analysis tool that scans AWS CloudFormation templates to identify security vulnerabilities and misconfigurations in infrastructure-as-code.

Clinv is a command line DevSecOps asset inventory tool for tracking and managing digital assets across organizational infrastructure.

A collection of AWS-native scripts and automation tools for DevSecOps, incident response, and security remediation in cloud environments.

SecretScanner is a standalone tool that scans container images and filesystems to detect approximately 140 types of unprotected secrets and sensitive credentials.

A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.

A scalable python framework for security research and development teams.

A web security tool that scans for vulnerabilities and known attacks.

A tool that combines multiple open source Git scanning utilities to detect and list secrets stored in Git repositories for security audits and compliance checks.

Buildah is a command-line tool for building and managing container images in OCI and Docker formats without requiring a running daemon.

A training program that teaches security professionals how to conduct penetration testing and attack simulations against AWS and Azure cloud infrastructure.

A Docker MultiStage build implementation that integrates CVE scanning into Alpine Linux container builds using Docker 17.05's build-time vulnerability assessment capabilities.

A centralized platform for managing open source components and automating software supply chain security.

A Helm plugin that decrypts encrypted value files using sops encryption and integrates with cloud secret managers for secure secrets management in Kubernetes deployments.

A command-line interface tool for managing container image security analysis, vulnerability scanning, and policy enforcement through the Anchore Engine REST API.

CVE Ape is an open source tool that creates a local CVE database from the National Vulnerability Database for offline vulnerability searching by package name, vendor, or OS components.

A secrets detection tool that scans GitHub, GitLab, and Bitbucket repositories to identify API keys, access tokens, and other sensitive information in source code.

ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.

Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.

Dagda is a Docker security tool that performs static vulnerability analysis of container images and monitors running containers for malicious threats and anomalous activities.

Learn how to integrate security into Agile development teams for high performance

Atomic Reactor is a Python library and CLI tool for building Docker images with advanced features including Git integration, registry operations, and build system integration.