The MITRE Security Automation Framework (SAF) Command Line Interface (CLI) brings together applications, techniques, libraries, and tools developed by MITRE and the security community to streamline security automation for systems and DevOps pipelines

Open Source Cloud Native Application Protection Platform (CNAPP)

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.

Find and verify secrets

BigBang the product

Protect and discover secrets using Gitleaks 🔑

Trusty Dependency Analysis Action

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

🛡️ Make your web services secure by default !

WireGuard®-based zero-trust access platform with OIDC auth, identity sync, and NAT traversal.

Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more

🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

DevSecOps, ASPM, Vulnerability Management. All on one platform.

boostsecurityio/poutine

Ultimate DevSecOps library

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

Agile Threat Modeling Toolkit

secureCodeBox (SCB) - continuous secure delivery out of the box