cr0hn / dockerfile-security
Static security checker for Dockerfiles
β92Updated 7 months ago
Related projects β
Alternatives and complementary repositories for dockerfile-security
- Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.β76Updated 3 years ago
- ποΈ STRIDE vs. ASVS equivalence tableβ75Updated 2 months ago
- A step-by-step walkthrough of CloudGoat 2.0 scenarios.β133Updated 4 years ago
- Discover vulnerabilities and container image misconfiguration in production environments.β53Updated 2 months ago
- Hayat is a script for report and analyze Google Cloud Platform resources.β79Updated 4 years ago
- Monitoring GitHub for sensitive data shared publiclyβ66Updated 2 years ago
- Kubernetes Pwnage for allβ54Updated 3 years ago
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raiderβ138Updated 3 years ago
- All-in-one tool for managing vulnerability reports from AppSec pipelinesβ105Updated last year
- Scan DockerHub images that match a keyword to find secrets.β54Updated 3 years ago
- A small tool to help developers understand a huge set of security requirements from appsec teamsβ45Updated 2 years ago
- Burp with Friendsβ99Updated last year
- Semgrep rules corresponding to the OWASP ASVS standardβ27Updated 4 years ago
- truffleproc β hunt secrets in process memory (TruffleHog & gdb mashup)β110Updated last year
- Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).β122Updated last year
- Whitebox evaluation of effective S3 object permissions, to identify publicly accessible files.β74Updated 2 years ago
- drHEADer helps with the audit of security headers received in response to a single request or a list of requests.β105Updated 2 weeks ago
- Create notes during a security code review in VSCode π Import your favorite SAST tool findings π οΈ and collaborate with others π€β129Updated last year
- Docs: Vulnerability management aggregation of AppSec & OpSec (Tools Listing)β30Updated last year
- Scans Slack for API tokens, credentials, passwords, and more using YARA rulesβ38Updated 3 years ago
- β109Updated last year
- Orchestron is an Application Vulnerability Management and Correlation Tool.Orchestron helps you solve one key problem "Find and fix vulneβ¦β31Updated last year
- Python API library for DefectDojoβ40Updated last year
- IAMFinder enumerates and finds users and IAM roles in a target AWS account.β109Updated 3 years ago
- Static Token And Credential Scannerβ95Updated last year
- Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerβ¦β152Updated last year
- Reference architecture and proof of concept implementation for supply chain security gatewayβ23Updated last year
- Manager of third-party sources of Semgrep rules πβ76Updated 3 months ago
- Container Blackbox Security Auditing Tool: enumerates security configuration from within the target containerβ86Updated 5 years ago
- This repo gives an overview of some GCP metadata API attack and defend patternsβ76Updated 4 years ago