SpectralOps / preflight
preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack.
☆153Updated 2 years ago
Alternatives and similar repositories for preflight:
Users that are interested in preflight are comparing it to the libraries listed below
- A catalog of SaaS APIs and their security levels, compliance, and regulation like GDPR, ISO27001, PCI and others☆124Updated 3 years ago
- Spectral Security Integration into your Github Actions pipeline☆14Updated 9 months ago
- Monitor your code for exposed API keys, tokens, credentials, and high-risk security IaC misconfigurations☆18Updated last year
- Keyscope is a key and secret workflow (validation, invalidation, etc.) tool built in Rust☆386Updated last week
- Discover internet-wide misconfigurations while drinking coffee☆387Updated 3 years ago
- Friends don't let friends leak secrets on their terminal window☆104Updated 3 years ago
- Allows you to manage configuration and secrets from multiple provider while masking the secrets at the deployment☆73Updated 2 years ago
- This repo is meant to be a place where AWS concepts, documentation, guides, and code can be shared freely. All credit for work is attribu…☆249Updated 4 years ago
- Evaluate source control (GitHub) security posture��☆249Updated last year
- Kubernetes Master Class☆209Updated 2 years ago
- Open source compliance tool for development platforms.☆287Updated last year
- ☆111Updated 3 weeks ago
- A Golang program to rotate AWS & GCP account keys☆65Updated this week
- By scanning CI/CD misconfigurations, Allero helps reduce production issues, harden your security posture and shift-left CI/CD from DevOps…☆205Updated last year
- The Amazon Elastic Kubernetes Service (EKS) Creation Engine (ECE) is a Python command-line program created by the Lightspin Office of the…☆40Updated 2 years ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆77Updated 3 weeks ago
- A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code.☆186Updated last year
- Identity & Access Management simplified and secure.☆251Updated last year
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆170Updated 2 months ago
- Inspect certificate authorities in container images☆229Updated 8 months ago
- Rego policies for enterprise-scale Compliance-as-Code with OPA Conftest.☆58Updated last year
- Documenting your Threat Models with HCL☆413Updated 4 months ago
- Check Point shiftleft documentation and examples☆14Updated 4 years ago
- OWASP Foundation Web Respository☆81Updated last week
- A tool to check the security settings of Github Organizations.☆70Updated last year
- A fuzzy-finder command-line tool for removing resources from terraform state☆37Updated last year
- Notice: Postee is no longer under active development or maintenance.☆210Updated this week
- The next generation of Infrastructure-as-Code. Work with high-level constructs instead of getting lost in low-level cloud configuration.☆908Updated last year
- A multi-vault secret injection tool for safely injecting secrets into app environment☆111Updated 2 weeks ago
- Website and API for OpenSSF Scorecard☆23Updated this week