Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Find secrets with Gitleaks 🔑

Find, verify, and analyze leaked credentials

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

🐚 Python-powered shell. Full-featured, cross-platform and AI-friendly.

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

Enterprise-ready zero-trust access platform built on WireGuard®.

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

Tfsec is now part of Trivy

Ultimate DevSecOps library

Open Source Vulnerability Management Platform

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

Open Source Cloud Native Application Protection Platform (CNAPP)

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

753+ structured cybersecurity skills for AI agents · MITRE ATT&CK mapped · agentskills.io open standard · Works with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI & 20+ platforms · Penetration testing, DFIR, threat intel, cloud security & more · Apache 2.0

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

:unlock: :unlock: Find secrets and passwords in container images and file systems :unlock: :unlock:

ContainerSSH: Launch containers on demand

🔥Open source RASP solution

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.