appsecpipeline / gasp-docker

Related projects ⓘ

Alternatives and complementary repositories for gasp-docker

• smithy-security / smithy
  The security workflow engine!
  ☆73Updated this week
• nccgroup / ConMachi
  Container Blackbox Security Auditing Tool: enumerates security configuration from within the target container
  ☆92Updated 5 years ago
• omerlh / zap-operator
  ☆21Updated 4 years ago
• ttarvis / glasgo
  A Security Scanner for Go
  ☆26Updated 5 years ago
• marklechner / priscope
  A security tool designed to help review merged code changes to open source maintained repositories via LLM assisted review to safeguard a…
  ☆27Updated 3 weeks ago
• OWASP / Cloud-Native-Application-Security-Top-10
  ☆20Updated 6 years ago
• OWASP / packman
  A documentation and tracking project with the goal of making package management systems more secure.
  ☆49Updated 3 years ago
• rusakovichma / TicTaaC
  Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …
  ☆55Updated 4 months ago
• CloudWanderer-io / PolicyGlass
  PolicyGlass allows you to analyse one or more AWS policies' effective permissions in aggregate, by restating them in the form of PolicySh…
  ☆58Updated 2 years ago
• somethingnew2-0 / SimpleCSPM
  GCP CSPM using Google Sheets
  ☆34Updated 5 months ago
• wurstbrot / security-pins
  Pin designs for security related items
  ☆37Updated 6 months ago
• OWASP / Container-Security-Verification-Standard
  Container Security Verification Standard
  ☆57Updated 5 years ago
• rad-security / fingerprints
  A repository to store Rad Fingerprinting data.
  ☆23Updated 3 months ago
• chainguard-dev / justtrustme
  ☆51Updated 8 months ago
• DevSlop / pixi-crs
  CI Pipeline with Pixi, the WAF OWASP Core Rule Set and TestCafe tests.
  ☆15Updated 3 years ago
• jtmelton / camas
  A zero-dependency tool for finding secrets in directories
  ☆10Updated 3 years ago
• chainguard-dev / self-attestation
  Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.
  ☆21Updated last year
• vectra-ai-research / log4j-aws-sandbox
  A set of AWS resources for testing the Log4Shell vulnerability, deployable with terraform
  ☆12Updated 2 years ago
• antitree / cmd_and_kubectl_demos
  ☆27Updated last week
• lirlia / prel
  prel(iminary) is an application that temporarily assigns Google Cloud IAM Roles and includes an approval process.
  ☆36Updated this week
• omnibor / site
  Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.
  ☆21Updated this week
• jdyke / gcp-iam-analyzer
  Compares and analyzes GCP IAM roles.
  ☆76Updated 5 months ago
• jsotiro / docker-multiscan
  A multi scanner for docker images. It drives Clair, Anchore, Trivy, Snyk, Grype, AWS ECR scans and consolidates the results.
  ☆14Updated last year
• twilio-labs / gordon
  Gordon is status check Github app to enforce and validate about.yaml file specifications in a repository during pull requests to drive co…
  ☆20Updated 2 weeks ago
• ncc-erik-steringer / Aerides
  An implementation of infrastructure-as-code scanning using dynamic tooling.
  ☆56Updated 2 years ago
• BBVA / susto
  Systematic Universal Security Testing Orchestration
  ☆37Updated 2 years ago
• hashicorp-forge / semgrep-rules
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆37Updated last year
• zenzora / awesome-gcpsec
  ☆14Updated 2 years ago