Checkmarx / kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
☆2,024Updated this week
Related projects: ⓘ
- TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how…☆1,135Updated this week
- OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure☆1,315Updated this week
- Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se…☆960Updated 2 weeks ago
- Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source pa…☆6,987Updated this week
- Tfsec is now part of Trivy☆6,659Updated last week
- Detect, track and alert on infrastructure drift☆2,448Updated 2 months ago
- ☆478Updated last week
- Moved to https://github.com/aquasecurity/trivy-operator☆1,348Updated 2 months ago
- Extensible auto-tagger for your IaC files. The ultimate way to link entities in the cloud back to the codified resource which created it.☆809Updated this week
- Security risk analysis for Kubernetes resources☆1,211Updated this week
- A Blazing fast Security Auditing tool for Kubernetes☆985Updated 5 months ago
- Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.☆4,684Updated last week
- Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities☆772Updated last month
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…☆717Updated 2 months ago
- Hunt for security weaknesses in Kubernetes clusters☆4,715Updated 6 months ago
- Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.☆1,706Updated 3 months ago
- Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configu…☆2,173Updated 4 months ago
- A curated list for Awesome Kubernetes Security resources☆1,908Updated 11 months ago
- Write tests against structured configuration data using the Open Policy Agent Rego query language☆2,848Updated this week
- A curated list of awesome Kubernetes security resources☆896Updated 9 months ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆790Updated last year
- A tool to scan Kubernetes cluster for risky permissions☆1,311Updated 2 months ago
- Interactive Terraform visualization. State and configuration explorer.☆3,005Updated 2 months ago
- kubeaudit helps you audit your Kubernetes clusters against common security controls☆1,895Updated 3 weeks ago
- The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.☆827Updated 2 months ago
- Kubernetes Security Training Platform - focusing on security mitigation☆926Updated 2 weeks ago
- A service that analyzes docker images and scans for vulnerabilities☆1,581Updated last year
- Supply-chain Levels for Software Artifacts☆1,521Updated this week
- Checklist for container security - devsecops practices☆1,504Updated 11 months ago
- Kubernetes-native security toolkit☆1,196Updated this week