Skip to content
#

devsecops

Star

Here are 437 public repositories matching this topic...

Language: All
Filter by language
All 437 Python 80 Java 47 Go 39 Shell 38 JavaScript 36 HTML 19 Dockerfile 16 TypeScript 13 HCL 11 Ruby 9
Sort: Best match
Sort options
Best match Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

aquasecurity / trivy

Star 11.6k
Open

Ubuntu 22.04 LTS support

2
gnadaban
gnadaban commented Apr 25, 2022

Hi, when will Ubuntu 22.04 be supported for APT?

Attempting to install on Jammy using APT shows an error:

E: The repository 'https://aquasecurity.github.io/trivy-repo/deb jammy Release' does not have a Release file.
Read more
help wanted good first issue triage/support
Find more good first issues
Mobile-Security-Framework-MobSF

MobSF / Mobile-Security-Framework-MobSF

Star 11k

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

python rest static-analysis apk owasp dynamic-analysis web-security malware-analysis mobsf android-security mobile-security windows-mobile-security ios-security mobile-security-framework api-testing cwe devsecops runtime-security mstg masvs
  • Updated Apr 26, 2022
  • JavaScript

zricethezav / gitleaks

Sponsor
Star 9.6k
Open

config validation

6
zricethezav
zricethezav commented Dec 3, 2021

Is your feature request related to a problem? Please describe.
It would be nice if gitleaks had a validate command that would validate examples found in the config rules. Introducing such a feature would speed up rule development and help with debugging.

Describe the solution you'd like
example entry in the rules tables
ex:

[[rules]]
id = "discord-client-secret"
des
Read more
enhancement help wanted good first issue
Find more good first issues
prowler

prowler-cloud / prowler

Star 5.2k

Prowler is an Open Source security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains more than 200 controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks. Enterprise version:

aws security cis security-audit cloud aws-cli assessment forensics compliance hardening security-hardening hipaa cloudtrail hacktoberfest gdpr security-tools devsecops cis-benchmark aws-auditing well-architected
  • Updated Apr 27, 2022
  • Shell

bridgecrewio / checkov

Star 4.1k
Find more good first issues
terrascan

accurics / terrascan

Star 2.9k
Open

--soft-fail flag to always allow exit with 0 status (success)

6
adegoodyer
adegoodyer commented Aug 11, 2021
  • terrascan version: 1.9.0
  • terraform version: 1.0.1

Enhancement Request

Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.

Extremely useful when running the tool without halting a pipeline for example.

I currently use a workaround, but something more concrete would be very desira

Read more
enhancement good first issue

DefectDojo / django-DefectDojo

Star 2.1k
Open

Incorrect False positives and Risk accepted metrics

8
zakrush
zakrush commented Jun 30, 2021

Slack us first!
Hello. I write about problem here:
https://owasp.slack.com/archives/C2P5BA8MN/p1624892081234100

Be informative
As additional into slack I find the same behaviour with Risk Accepted findings. Into Metrics I see 0 Risk Accepted findings, but I have 1 Risk Accepted finding

Bug description
No error. Metrics into product, or metrics dushboard has incorrect info

Read more
bug good first issue stale
Find more good first issues
ThreatMapper

deepfence / ThreatMapper

Star 1.5k

🔥 🔥 Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more. 🔥 🔥

serverless secops cloud-native security-vulnerability vulnerability-detection vulnerability-management observability vulnerability-scanners vulnerability-assessment log4j2 threat-analysis security-tools cloudsecurity devsecops vulnerability-scanning scanning-tool registry-scanning cwpp
  • Updated Apr 27, 2022
  • JavaScript
dependency-track

DependencyTrack / dependency-track

Star 1.1k
Open

Migrate Swagger to OpenAPI 3

2
stevespringett
stevespringett commented Nov 18, 2020

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

Read more
enhancement help wanted p2 good first issue

lunasec-io / lunasec

Sponsor
Star 1k

LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/

security dependency-analysis cybersecurity pci-dss web-security compliance hardening scanning cve-scanning tokenization gdpr security-tools devsecops zero-trust soc2 privacy-by-design sbom scanning-tool sbom-generator log4shell
  • Updated Apr 27, 2022
  • TypeScript
ElectricEye

jonrau1 / ElectricEye

Star 567

Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability. All results can be exported to Security Hub, JSON, CSV, Databases, and more for further aggregation and analysis.

security-audit compliance security-hardening aws-security monitoring-tool security-tools devsecops soar security-engineering cloud-security aws-audit cloud-auditing security-monitoring well-architected cloud-compliance-reporting security-hub aws-compliance continuous-compliance attack-surface-management
  • Updated Apr 26, 2022
  • Python

Improve this page

Add a description, image, and links to the devsecops topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the devsecops topic, visit your repo's landing page and select "manage topics."

Learn more