bancolombia / devsecops-engine-toolsLinks
Toolchain for the evaluation of different devsecops practices
☆34Updated this week
Alternatives and similar repositories for devsecops-engine-tools
Users that are interested in devsecops-engine-tools are comparing it to the libraries listed below
Sorting:
- A comprehensive list of software composition analysis tools.☆152Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆136Updated last year
- ☆76Updated 5 months ago
- A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.☆107Updated 7 months ago
- Curating Falco rules with MITRE ATT&CK Matrix☆82Updated last year
- Focused malicious code detection ruleset, with a high protection-to-noise ratio☆122Updated 4 months ago
- OWASP Kubernetes security and compliance tool [WIP]☆106Updated 2 years ago
- The security workflow engine!☆118Updated this week
- Discover vulnerabilities and container image misconfiguration in production environments.☆56Updated last month
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use …☆68Updated last year
- Fork Threat Modeling Platform - Community☆23Updated 3 months ago
- DustiLock is a tool to find which of your dependencies is susceptible to a Dependency Confusion attack.☆38Updated 3 years ago
- OWASP Foundation Web Respository☆45Updated last month
- OWASP Foundation Web Respository☆55Updated 2 years ago
- NextJS-based single-page application for completing and reviewing SAMM assessments☆76Updated 2 years ago
- A project to visualize the software supply chain☆51Updated last year
- Scans your Github Actions for security issues☆77Updated last week
- Damn Vulnerable Kubernetes App (DVKA) is a series of apps deployed on Kubernetes that are damn vulnerable.☆141Updated 3 months ago
- Sharing software supply chain security open source projects☆50Updated 2 years ago
- A comprehensive, systematic and actionable way to understand attacker behaviors and techniques with respect to the software supply chain☆96Updated 5 months ago
- SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor…☆144Updated this week
- Easy-to-use Threat modeling-as-a-Code (TaaC) solution following DevSecOps principles. Simple CI/CD integration as well as console usage. …☆65Updated 3 weeks ago
- Red Teaming for AI and Cloud☆183Updated last month
- MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.☆174Updated this week
- Test & Compare different Kubernetes security offerings on EKS, GKE and AKS☆40Updated 10 months ago
- A full insecure kubernetes application for testing security tools☆89Updated 2 months ago
- Use AI to Scan Your Code from the Command Line for security and code smells. Bring your own keys. Supports OpenAI and Gemini☆174Updated 2 months ago
- A utility to (re-)import findings and language data into DefectDojo☆43Updated 9 months ago
- StartLeft is an automation tool for generating Threat Models written in the Open Threat Model (OTM) format from a variety of different so…☆51Updated last week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities☆571Updated 3 months ago