arnica-ext / GitGoat
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
☆166 · Updated last month
Related projects:
- Evaluate source control (GitHub) security posture ☆248 · Updated last year
- Open source compliance tool for development platforms. ☆283 · Updated 10 months ago
- boostsecurityio/poutine ☆202 · Updated this week
- Useful scripts, Docker images, docker-compose apps, and Terraform modules. ☆140 · Updated this week
- Simple plug-and-play GitHub Action to block unauthorized outbound traffic (egress) in your GitHub workflows ☆76 · Updated this week
- A curated list of policy-as-code resources like blogs, videos, and tools to practice on for learning Policy-as-Code. ☆179 · Updated 9 months ago
- Compares and analyzes GCP IAM roles. ☆76 · Updated 3 months ago
- A GitHub App that acts like a Security Token Service (STS) for the GitHub API ☆108 · Updated this week
- CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments. ☆264 · Updated 2 weeks ago
- OWASP Foundation Web Repository ☆79 · Updated 2 weeks ago
- AWS honey token manager ☆78 · Updated last month
- KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC. ☆93 · Updated 9 months ago
- A list of cloud security tools and vendors. ☆124 · Updated 2 weeks ago
- List of known AWS accounts ☆157 · Updated 3 weeks ago
- Vulnerability scanning just got lazier ☆275 · Updated 4 months ago
- CLI to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions… ☆70 · Updated this week
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system. ☆165 · Updated 7 months ago
- A tool to check the security settings of GitHub Organizations. ☆68 · Updated last year
- Tools that check for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts ☆56 · Updated last year
- A full insecure kubernetes application for testing security tools ☆41 · Updated last week
- Script to audit GitHub Action Workflow files for potential vulnerabilities. ☆147 · Updated 3 weeks ago
- Is your AWS perimeter secure? Use Powerpipe and Steampipe to check your AWS accounts for public resources, resources shared with untrust… ☆105 · Updated 6 months ago
- Enrich SBOMs with data from third party services ☆108 · Updated 3 weeks ago
- An open-source collection of API key rotation tutorials. ☆54 · Updated 2 weeks ago
- cloudgrep is grep for cloud storage ☆314 · Updated last month
- BadRobot - Operator Security Audit Tool ☆214 · Updated this week
- An AWS IAM policy statement parser and query tool. ☆153 · Updated 7 months ago