bancolombia / devsecops-engine-toolsLinks
Toolchain for the evaluation of different devsecops practices
☆37Updated last week
Alternatives and similar repositories for devsecops-engine-tools
Users that are interested in devsecops-engine-tools are comparing it to the libraries listed below
Sorting:
- A comprehensive list of software composition analysis tools.☆156Updated last month
- A utility to (re-)import findings and language data into DefectDojo☆43Updated last year
- SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor…☆190Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆138Updated last year
- ☆547Updated this week
- OWASP Project Developer Guide - Document and Project Web pages☆114Updated this week
- OWASP Foundation Web Respository☆100Updated 2 weeks ago
- Scans your Github Actions for security issues☆86Updated last week
- ☆100Updated 9 months ago
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use …☆74Updated last month
- Discover vulnerabilities and container image misconfiguration in production environments.☆56Updated 2 weeks ago
- OWASP Kubernetes security and compliance tool [WIP]☆107Updated 2 years ago
- A full insecure kubernetes application for testing security tools☆89Updated 3 weeks ago
- A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.☆107Updated 11 months ago
- NextJS-based single-page application for completing and reviewing SAMM assessments☆77Updated 2 years ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆590Updated 7 months ago
- OWASP Foundation Web Respository☆56Updated last month
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.☆40Updated 3 years ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆96Updated 9 months ago
- Damn Vulnerable Kubernetes App (DVKA) is a series of apps deployed on Kubernetes that are damn vulnerable.☆190Updated 2 months ago
- Sharing software supply chain security open source projects☆52Updated 2 years ago
- Checkmarx Scan and Result Orchestration☆99Updated last week
- DefectDojo Community Content☆18Updated last week
- Software Component Verification Standard (SCVS)☆150Updated 7 months ago
- OWASP Foundation Web Respository☆47Updated 2 weeks ago
- Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini☆175Updated 6 months ago
- Autogrep automates Semgrep rule generation and filtering by using LLMs to analyze vulnerability patches, enabling automatic creation of h…☆53Updated 8 months ago
- GitHub actions and GitLab CI templates run various vulnerability scanners, upload the results into SecObserve and make the results of the…☆25Updated this week
- Process documentation, non-code deliverables, and miscellaneous artifacts of Kubernetes SIG Security☆226Updated 3 weeks ago
- Virtual environment for learning DevSecOps☆38Updated 8 years ago