MaibornWolff / dd-import
A utility to (re-)import findings and language data into DefectDojo
☆42Updated last month
Related projects ⓘ
Alternatives and complementary repositories for dd-import
- Discover vulnerabilities and container image misconfiguration in production environments.☆53Updated 2 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆169Updated 9 months ago
- OWASP Foundation Web Respository☆79Updated 2 months ago
- Protect against subdomain takeover☆92Updated 5 months ago
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆55Updated 4 months ago
- boostsecurityio/poutine☆231Updated this week
- OWASP Kubernetes Security Testing Guide☆37Updated 2 months ago
- OWASP Kubernetes security and compliance tool [WIP]☆104Updated last year
- 🖇️ STRIDE vs. ASVS equivalence table☆75Updated 2 months ago
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆126Updated 9 months ago
- A small tool to help developers understand a huge set of security requirements from appsec teams☆45Updated 2 years ago
- Count distinct contributor of Snyk watched repos across several SCM☆30Updated 4 months ago
- The security workflow engine!☆73Updated this week
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆110Updated last year
- boostsecurityio/lotp☆101Updated 7 months ago
- ☆121Updated last year
- Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently …☆253Updated last week
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS☆34Updated 2 months ago
- 🧰 Multi Tool Kubernetes Pentest Image☆215Updated 2 months ago
- Script to audit GitHub Action Workflow files for potential vulnerabilities.☆151Updated 2 months ago
- Curating Falco rules with MITRE ATT&CK Matrix☆74Updated 8 months ago
- This Repository contains the stable beta preview of the next major secureCodeBox (SCB) release v2.0.0.☆24Updated 4 years ago
- OWASP Foundation Web Respository☆54Updated last year
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆33Updated last month
- SecObserve is an open source vulnerability management system for software development and cloud environments. It supports a variety of op…☆95Updated this week
- NextJS-based single-page application for completing and reviewing SAMM assessments☆69Updated last year
- Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts☆57Updated last year
- Compares and analyzes GCP IAM roles.☆76Updated 5 months ago
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use …☆61Updated 5 months ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆59Updated 8 months ago