Alternatives and similar repositories for STRIDE-vs-ASVS

Users that are interested in STRIDE-vs-ASVS are comparing it to the libraries listed below

• ramimac / breach-list-database

  View on GitHub
  A meta-database collecting resources that compile lists of breaches
  ☆21Oct 30, 2025Updated 3 months ago
• Nextdoor / cspm_evaluation_matrix

  View on GitHub
  Nextdoor's Cloud Security Posture Management (CSPM) Evaluation Matrix
  ☆59Sep 7, 2023Updated 2 years ago
• righettod / injection-cheat-sheets

  View on GitHub
  Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).
  ☆10Nov 11, 2020Updated 5 years ago
• OpenSecuritySummit / project-ASVS-User-Stories

  View on GitHub
  ☆20Jan 18, 2022Updated 4 years ago
• latacora / remediate-AWS-IMDSv1

  View on GitHub
  Simple tool to identify and remediate the use of the AWS EC2 IMDSv1.
  ☆15Aug 12, 2021Updated 4 years ago
• marco-lancini / utils

  View on GitHub
  Useful scripts, Docker images, docker-compose apps, and Terraform modules.
  ☆149Feb 1, 2026Updated last week
• hashicorp-forge / semgrep-rules

  View on GitHub
  HashiCorp-relevant rules for the Semgrep code analysis tool
  ☆41Oct 3, 2023Updated 2 years ago
• BlazingWind / OWASP-ASVS-4.0-testing-guide

  View on GitHub
  ☆124Nov 8, 2023Updated 2 years ago
• nccgroup / SFPolDevChk

  View on GitHub
  Salesforce Policy Deviation Checker
  ☆30Sep 30, 2020Updated 5 years ago
• kpolley / slackurity

  View on GitHub
  Slack bot which promotes Defense in Depth/Zero Trust security practices
  ☆24Jan 17, 2023Updated 3 years ago
• tenchi-security / camp

  View on GitHub
  CloudSplaining on AWS Managed Policies
  ☆44Sep 8, 2025Updated 5 months ago
• jdyke / gcp-iam-analyzer

  View on GitHub
  Compares and analyzes GCP IAM roles.
  ☆78Mar 9, 2025Updated 11 months ago
• salesforce / metabadger

  View on GitHub
  Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
  ☆143May 1, 2025Updated 9 months ago
• semgrep-old / rules-owasp-asvs

  View on GitHub
  Semgrep rules corresponding to the OWASP ASVS standard
  ☆27Nov 2, 2020Updated 5 years ago
• cado-security / varc

  View on GitHub
  Volatile Artifact Collector collects a snapshot of volatile data from a system. It tells you what is happening on a system, and is of par…
  ☆253Nov 18, 2024Updated last year
• edgeroute / security-champion-framework

  View on GitHub
  The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.
  ☆110Jan 16, 2024Updated 2 years ago
• klarna-incubator / gram

  View on GitHub
  Gram is Klarna's own threat model diagramming tool
  ☆328Jan 26, 2026Updated 2 weeks ago
• tarahmarie / investigations

  View on GitHub
  ☆77Oct 16, 2022Updated 3 years ago
• DataDog / security-labs-pocs

  View on GitHub
  Proof of concept code for Datadog Security Labs referenced exploits.
  ☆449Jan 8, 2026Updated last month
• segmentio / threat-modeling-training

  View on GitHub
  Segment's Threat Modeling training for our engineers
  ☆245May 4, 2021Updated 4 years ago
• primeharbor / sensitive_iam_actions

  View on GitHub
  Crowdsourced list of sensitive IAM Actions
  ☆159Oct 29, 2024Updated last year
• Rezonate-io / github-oidc-checker

  View on GitHub
  Tools that checks for misconfigured access to Github OIDC from AWS roles and GCP service accounts
  ☆61May 15, 2023Updated 2 years ago
• elttam / semgrep-rules

  View on GitHub
  ☆226Dec 18, 2025Updated last month
• GoogleCloudPlatform / active-assist

  View on GitHub
  ☆25Jun 27, 2024Updated last year
• gradio-app / safehttpx

  View on GitHub
  ☆72Oct 24, 2025Updated 3 months ago
• stephenbradshaw / aws_url_signer

  View on GitHub
  POC tool to create signed AWS API GET requests to bypass Guard Duty alerting of off-instance credential use via SSRF
  ☆59Sep 20, 2023Updated 2 years ago
• MichelleEmbleton / appSecRadar

  View on GitHub
  A colour-coded radar chart to keep track of technologies in use, whether they are being evaluated, adopted or phased out.
  ☆14Jan 6, 2021Updated 5 years ago
• doyensec / Unsafe-Unpacking

  View on GitHub
  Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide
  ☆42Dec 16, 2024Updated last year
• cydea / threat-personas

  View on GitHub
  We borrow the concept of 'personas' from UX/service design and apply it to threat actors to improve understanding between security, techn…
  ☆11Jun 17, 2020Updated 5 years ago
• Autodesk / continuous-threat-modeling

  View on GitHub
  A Continuous Threat Modeling methodology
  ☆324Jun 24, 2022Updated 3 years ago
• iriusrisk / OpenThreatModel

  View on GitHub
  The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.
  ☆179Dec 11, 2025Updated 2 months ago
• 9rnt / poro

  View on GitHub
  Scan publicly accessible assets on your AWS cloud environment
  ☆136Jan 14, 2026Updated 3 weeks ago
• semgr8ns / semgr8s

  View on GitHub
  Semgrep-based Policy Controller for Kubernetes
  ☆47Apr 4, 2025Updated 10 months ago
• dropbox / vsmc

  View on GitHub
  Vendor Security Model Contract
  ☆97Jul 3, 2022Updated 3 years ago
• rung / threat-matrix-cicd

  View on GitHub
  Threat matrix for CI/CD Pipeline
  ☆760Jul 8, 2024Updated last year
• Threagile / threagile

  View on GitHub
  Agile Threat Modeling Toolkit
  ☆723Nov 20, 2025Updated 2 months ago
• DataDog / threatest

  View on GitHub
  Threatest is a CLI and Go framework for end-to-end testing threat detection rules.
  ☆339Updated this week
• turbot / steampipe-mod-aws-perimeter

  View on GitHub
  Is your AWS perimeter secure? Use Powerpipe and Steampipe to check your AWS accounts for public resources, resources shared with untrust…
  ☆114Sep 8, 2025Updated 5 months ago
• wiz-sec-public / peach-framework

  View on GitHub
  PEACH - a step-by-step framework for modeling and improving SaaS and PaaS tenant isolation, by managing the attack surface exposed by use…
  ☆74Dec 14, 2022Updated 3 years ago