devsecops topic

List devsecops repositories

njsscan

355 Stars, 76 Forks

njsscan is a semantic-aware SAST tool that can find insecure code patterns in your Node.js applications.

chain-bench

704 Stars, 61 Forks

An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

cve-bin-tool

1.2k Stars, 449 Forks

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or...

ChopChop

657 Stars, 77 Forks

ChopChop is a CLI that helps developers scan endpoints and identify exposure of sensitive services/files/folders.

falconpy

454 Stars, 152 Forks, 454 Watchers

The CrowdStrike Falcon SDK for Python

my-links

376 Stars, 122 Forks

Knowledge seeks no man

awesome-threat-modelling

1.3k Stars, 233 Forks

A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.

ElectricEye

933 Stars, 123 Forks

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP &...

qodana-action

250 Stars, 33 Forks

⚙️ Scan your Go, Java, Kotlin, PHP, Python, JavaScript, TypeScript, .NET projects at GitHub with Qodana. This repository contains Qodana for Azure, GitHub, CircleCI and Gradle

kubernetes-security-checklist

459 Stars, 89 Forks

Kubernetes Security Checklist and Requirements - All in One (authentication, authorization, logging, secrets, configuration, network, workloads, dockerfile)