#go #awesome_list #collections #devops #devsecops #roadmap #security #tools
https://github.com/hahwul/DevSecOps
https://github.com/hahwul/DevSecOps
GitHub
GitHub - hahwul/DevSecOps: ♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎
♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎 - hahwul/DevSecOps
#python #appsec #cicd #ctf #devops #devsecops #infosec #jenkins #security
https://github.com/cider-security-research/cicd-goat
https://github.com/cider-security-research/cicd-goat
GitHub
GitHub - cider-security-research/cicd-goat: A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple…
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges. - cider-security-research/cicd-goat
#open_policy_agent #appsec #cloudnative #devsecops #golang #hacktoberfest #iac #infrastructure_as_code #open_policy_agent #security #security_tools #vulnerability_detection #vulnerability_scanners
https://github.com/Checkmarx/kics
https://github.com/Checkmarx/kics
GitHub
GitHub - Checkmarx/kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development…
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. - Checkmarx/kics
#java #aws #azure #ctf #devsecops #docker #gcp #hashicorp_vault #keepass #kubernetes #secrets #secrets_management #security #terraform_aws #terraform_azure #terraform_gcp #vault #vulnerable_web_app
https://github.com/OWASP/wrongsecrets
https://github.com/OWASP/wrongsecrets
GitHub
GitHub - OWASP/wrongsecrets: Vulnerable app with examples showing how to not use secrets
Vulnerable app with examples showing how to not use secrets - OWASP/wrongsecrets
#go #bounty #csv #devsecops #golang #graphviz #html #json #markdown #nmap #pentesting #port_scanner #port_scanning #scan #scanner #security #security_tools #sqlite #xml #xml_parsing
https://github.com/vdjagilev/nmap-formatter
https://github.com/vdjagilev/nmap-formatter
GitHub
GitHub - vdjagilev/nmap-formatter: A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot)…
A tool that allows you to convert NMAP results to html, csv, json, markdown, graphviz (dot), sqlite, excel and d2-lang. Simply put it's nmap converter. - vdjagilev/nmap-formatter
👍2👌1
#html #blueteam #cloud_native #cloud_security #cloudsecurity #container #container_security #devsecops #docker #hacking #infrastructure #k8s #kubernetes #kubernetes_goat #kubernetes_security #owasp #pentesting #redteam #security #vulnerable_app
https://github.com/madhuakula/kubernetes-goat
https://github.com/madhuakula/kubernetes-goat
GitHub
GitHub - madhuakula/kubernetes-goat: Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes…
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀 - madhuakula/kubernetes-goat
👍3
#go #containers #devsecops #docker #go #golang #hacktoberfest #iac #infrastructure_as_code #kubernetes #misconfiguration #security #security_tools #vulnerability #vulnerability_detection #vulnerability_scanners
Trivy is a powerful tool that helps you find security issues in various places like container images, filesystems, Git repositories, and more. It checks for vulnerabilities, misconfigurations, sensitive information, and software licenses. Trivy supports many programming languages and platforms, making it very versatile. You can easily install it using methods like `brew install trivy` or `docker run aquasec/trivy`. It also integrates with popular tools like GitHub Actions and Kubernetes. Using Trivy helps you secure your projects by identifying potential security problems early, which is very beneficial for keeping your software safe and reliable.
https://github.com/aquasecurity/trivy
Trivy is a powerful tool that helps you find security issues in various places like container images, filesystems, Git repositories, and more. It checks for vulnerabilities, misconfigurations, sensitive information, and software licenses. Trivy supports many programming languages and platforms, making it very versatile. You can easily install it using methods like `brew install trivy` or `docker run aquasec/trivy`. It also integrates with popular tools like GitHub Actions and Kubernetes. Using Trivy helps you secure your projects by identifying potential security problems early, which is very beneficial for keeping your software safe and reliable.
https://github.com/aquasecurity/trivy
GitHub
GitHub - aquasecurity/trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories…
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more - aquasecurity/trivy
#go #devsecops #git #gitleaks #go #golang #hacktoberfest #secret #security #security_tools
Gitleaks is a tool that helps you find and prevent hardcoded secrets like passwords, API keys, and tokens in your git repositories. It's easy to use and can be installed via Homebrew, Docker, or Go. You can run Gitleaks as a pre-commit hook or as a GitHub action to automatically check your code for secrets before committing.
Using Gitleaks benefits you by ensuring your sensitive information is not accidentally exposed in your code, making your projects more secure. It scans your repository for any hidden secrets and alerts you, so you can remove them before they become public. This protects your project from potential security breaches and maintains the confidentiality of your credentials.
https://github.com/gitleaks/gitleaks
Gitleaks is a tool that helps you find and prevent hardcoded secrets like passwords, API keys, and tokens in your git repositories. It's easy to use and can be installed via Homebrew, Docker, or Go. You can run Gitleaks as a pre-commit hook or as a GitHub action to automatically check your code for secrets before committing.
Using Gitleaks benefits you by ensuring your sensitive information is not accidentally exposed in your code, making your projects more secure. It scans your repository for any hidden secrets and alerts you, so you can remove them before they become public. This protects your project from potential security breaches and maintains the confidentiality of your credentials.
https://github.com/gitleaks/gitleaks
GitHub
GitHub - gitleaks/gitleaks: Find secrets with Gitleaks 🔑
Find secrets with Gitleaks 🔑. Contribute to gitleaks/gitleaks development by creating an account on GitHub.
#go #credentials #devsecops #dynamic_analysis #hacktoberfest #precommit #scanning #secret #secret_management #secrets #security #security_tools #trufflehog #verification
TruffleHog is a powerful tool that helps you find and verify leaked credentials in various places like Git repositories, chats, wikis, logs, and more. Here’s how it benefits you TruffleHog can search for secrets in many different sources such as Git, chats, wikis, logs, and file systems.
- **Classification** For each found secret, TruffleHog checks if it is live and active.
- **Analysis**: It provides detailed information about the secret, such as who created it and what resources it can access.
Using TruffleHog helps you protect your credentials by detecting and verifying them before they cause any harm. You can install it via various methods like Docker, binary releases, or compiling from source, making it easy to integrate into your security workflow.
https://github.com/trufflesecurity/trufflehog
TruffleHog is a powerful tool that helps you find and verify leaked credentials in various places like Git repositories, chats, wikis, logs, and more. Here’s how it benefits you TruffleHog can search for secrets in many different sources such as Git, chats, wikis, logs, and file systems.
- **Classification** For each found secret, TruffleHog checks if it is live and active.
- **Analysis**: It provides detailed information about the secret, such as who created it and what resources it can access.
Using TruffleHog helps you protect your credentials by detecting and verifying them before they cause any harm. You can install it via various methods like Docker, binary releases, or compiling from source, making it easy to integrate into your security workflow.
https://github.com/trufflesecurity/trufflehog
GitHub
GitHub - trufflesecurity/trufflehog: Find, verify, and analyze leaked credentials
Find, verify, and analyze leaked credentials. Contribute to trufflesecurity/trufflehog development by creating an account on GitHub.
#go #cicd #data_masking #data_security #database_access #dbeaver #devsecops #flyway #gitops #liquibase #mongodb #mysql #oracle #pam #postgresql #schema_migrations #security #snowflake #sql_client #sqlserver #tidb
Bytebase is a tool that helps manage databases more efficiently. It automates tasks like schema migrations and backups, making it easier to collaborate on database changes. Bytebase supports multiple databases and integrates well with CI/CD pipelines. It also provides features like role-based access control and data masking for better security. Using Bytebase simplifies database management, reduces errors, and saves time, making it beneficial for developers and database administrators.
https://github.com/bytebase/bytebase
Bytebase is a tool that helps manage databases more efficiently. It automates tasks like schema migrations and backups, making it easier to collaborate on database changes. Bytebase supports multiple databases and integrates well with CI/CD pipelines. It also provides features like role-based access control and data masking for better security. Using Bytebase simplifies database management, reduces errors, and saves time, making it beneficial for developers and database administrators.
https://github.com/bytebase/bytebase
GitHub
GitHub - bytebase/bytebase: World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering…
World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps. - bytebase/bytebase
#go #cloud #devsecops #k8s #kubernetes #mesh #mesh_network #network #networking #overlay_network #security #self_hosted #virtual_network #virtual_networking #vpn #vpn_server #wg_quick #wireguard #wireguard_ui #wireguard_vpn #zero_trust
Netmaker is a powerful tool for creating and managing secure networks. It uses WireGuard to provide fast and secure connections, allowing you to connect devices anywhere in the world. With features like mesh VPNs and multi-network segmentation, you can organize your networks securely and efficiently. Netmaker also offers robust access controls and integration with OAuth for secure user management. This helps keep your network safe and compliant, making it ideal for businesses managing complex network setups.
https://github.com/gravitl/netmaker
Netmaker is a powerful tool for creating and managing secure networks. It uses WireGuard to provide fast and secure connections, allowing you to connect devices anywhere in the world. With features like mesh VPNs and multi-network segmentation, you can organize your networks securely and efficiently. Netmaker also offers robust access controls and integration with OAuth for secure user management. This helps keep your network safe and compliant, making it ideal for businesses managing complex network setups.
https://github.com/gravitl/netmaker
GitHub
GitHub - gravitl/netmaker: Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks. - gravitl/netmaker
#python #ai #bug_detection #code_audit #code_quality #code_review #developer_tools #devsecops #google_gemini #llm #react #sast #security_scanner #supabase #typescript #vite #vulnerability_scanner #xai
**DeepAudit** is an AI-powered code audit tool using multi-agent collaboration to deeply scan projects for vulnerabilities like SQL injection, XSS, and path traversal. Import code from GitHub/GitLab or paste snippets; agents plan, analyze with RAG knowledge, and verify issues via secure Docker sandbox PoCs, generating PDF reports with fix suggestions. Deploy easily with one Docker command, supports local Ollama models for privacy, and cuts traditional tools' high false positives. **You benefit** by automating secure audits like a pro hacker—saving time, reducing errors, ensuring real exploits are caught, and speeding safe releases without manual hassle.
https://github.com/lintsinghua/DeepAudit
**DeepAudit** is an AI-powered code audit tool using multi-agent collaboration to deeply scan projects for vulnerabilities like SQL injection, XSS, and path traversal. Import code from GitHub/GitLab or paste snippets; agents plan, analyze with RAG knowledge, and verify issues via secure Docker sandbox PoCs, generating PDF reports with fix suggestions. Deploy easily with one Docker command, supports local Ollama models for privacy, and cuts traditional tools' high false positives. **You benefit** by automating secure audits like a pro hacker—saving time, reducing errors, ensuring real exploits are caught, and speeding safe releases without manual hassle.
https://github.com/lintsinghua/DeepAudit
GitHub
GitHub - lintsinghua/DeepAudit: DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署…
DeepAudit:人人拥有的 AI 黑客战队,让漏洞挖掘触手可及。国内首个开源代码漏洞挖掘多智能体系统。小白一键部署运行,自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ,一键生成报告。让安全不再昂贵,让审计不再复杂。 - lintsinghua/DeepAudit