Alternatives and similar repositories for cumulus:

Users that are interested in cumulus are comparing it to the libraries listed below

• SAP / cloud-active-defense
  Add a layer of active defense to your cloud applications.
  ☆88Updated last week
• iriusrisk / OpenThreatModel
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆170Updated 2 months ago
• MaibornWolff / dd-import
  A utility to (re-)import findings and language data into DefectDojo
  ☆42Updated 4 months ago
• DataDog / supply-chain-firewall
  A tool for preventing the installation of malicious PyPI and npm packages
  ☆120Updated last month
• theparanoids / PrioritizedRiskRemediation
  A Risk-Based Prioritization Taxonomy for prioritizing CVEs (Common Vulnerabilities and Exposures).
  ☆70Updated 8 months ago
• latiotech / insecure-kubernetes-deployments
  A full insecure kubernetes application for testing security tools
  ☆64Updated last week
• AppSecure-nrw / security-belts
  ☆105Updated 6 months ago
• offensive-actions / terraform-provider-statefile-rce
  This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.
  ☆50Updated this week
• SecurityRunners / CloudCommotion
  Cloud Commotion intends to cause chaos to simulate security incidents
  ☆142Updated 7 months ago
• StevenSmiley / aws-mine
  AWS honey token manager
  ☆87Updated 5 months ago
• MaibornWolff / SecObserve
  SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor…
  ☆110Updated this week
• hashicorp-forge / semgrep-rules
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆39Updated last year
• WithSecureLabs / cloud-security-vm
  Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments
  ☆134Updated 3 weeks ago
• OWASP / www-project-top-10-ci-cd-security-risks
  OWASP Foundation Web Respository
  ☆81Updated last week
• saw-your-packet / CloudShovel
  A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…
  ☆98Updated 2 months ago
• TNG / elevation-of-privilege
  An online multiplayer version of the threat modeling card games: Elevation of Privilege (EoP), OWASP Cornucopia, OWASP Cumulus, and Eleva…
  ☆64Updated this week
• google / localtoast
  ☆111Updated 3 weeks ago
• orcasecurity-research / kte
  Test & Compare different Kubernetes security offerings on EKS, GKE and AKS
  ☆36Updated 5 months ago
• Rezonate-io / github-oidc-checker
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆60Updated last year
• Permiso-io-tools / cloudtail
  ☆26Updated 2 months ago
• SDA-SE / cluster-image-scanner
  Discover vulnerabilities and container image misconfiguration in production environments.
  ☆54Updated last week
• CycloneDX / Sunshine
  Sunshine - SBOM visualization tool
  ☆30Updated this week
• jstawinski / GitHub-Actions-Attack-Diagram
  ☆161Updated 4 months ago
• DataDog / undocumented-aws-api-hunter
  A tool to uncover undocumented APIs from the AWS Console.
  ☆95Updated 2 months ago
• mllamazares / STRIDE-vs-ASVS
  🖇️ STRIDE vs. ASVS equivalence table
  ☆75Updated 5 months ago
• elementsinteractive / twyn
  Security tool against dependency typosquatting attacks
  ☆39Updated this week
• dark-warlord14 / CVENotifier
  Customized CVE FEED Notifier
  ☆108Updated 6 months ago
• vectra-ai-research / derf
  DeRF (Detection Replay Framework) is an "Attacks As A Service" framework, allowing the emulation of offensive techniques and generation o…
  ☆90Updated last year
• Cybr-Inc / CloudSec
  Public repository of all things cloud security.
  ☆40Updated 4 months ago
• bullfrogsec / bullfrog
  Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows
  ☆82Updated this week