Find and verify secrets. Find leaked credentials.
TruffleHog is a secrets discovery, classification, validation, and analysis tool. In this context, a secret is a credential that one machine uses to authenticate itself to another machine: API keys, database passwords, private encryption keys, and more...
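The discovery and classification stages described above come down to running credential-shaped patterns over text and deciding which hits are worth reporting. The following is an added example written for this page, not TruffleHog's own code: it pairs a few structural detectors (fixed-prefix AWS access key IDs, 40-character AWS secret keys next to an "aws" keyword, PEM private-key headers) with a keyword-anchored generic detector that is gated on length and Shannon entropy so that a throwaway password is not reported while a random token is. The detector names, the 16-character and 3.5-bit thresholds, and the sample input are assumptions made for this example; the AWS key pair in the sample is the well-known example credential from AWS's own documentation. The validation stage (TruffleHog checks a hit against the provider, for AWS by calling STS) needs network access and is deliberately left out.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Detector patterns modelled on the regex-plus-keyword approach secret scanners
# use. These carry a strong structural signal (fixed prefix or header) and are
# reported without further filtering.
SPECIFIC_DETECTORS = {
    "aws-access-key-id": re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    # AWS secret keys are 40 base64-like characters. The lookarounds stop the
    # lazy prefix from handing back a 40-char window that starts one char early.
    "aws-secret-access-key": re.compile(
        r"(?i)aws.{0,20}?(?<![A-Za-z0-9/+])([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
    ),
    "private-key": re.compile(r"(-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----)"),
}

# Keyword-anchored catch-all for values assigned to password/token-like names.
# On its own it is noisy, so candidates are gated on length and entropy below.
GENERIC_DETECTOR = re.compile(
    r"(?i)(?:password|passwd|pwd|secret|token|api[_-]?key)\w*\s*[:=]\s*['\"]?([^\s'\"]{6,})"
)
GENERIC_MIN_LENGTH = 16     # assumption chosen for this example
GENERIC_MIN_ENTROPY = 3.5   # bits per character; assumption chosen for this example


@dataclass
class Finding:
    line_no: int
    detector: str
    raw: str
    redacted: str
    entropy: float


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; separates 'hunter2' from a random token."""
    counts = Counter(value)
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep enough of the value to locate it in a repo without re-leaking it."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def scan(text: str) -> list[Finding]:
    """Run every detector over each line; specific detectors win over the generic one."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        seen: set[str] = set()
        for name, pattern in SPECIFIC_DETECTORS.items():
            for match in pattern.finditer(line):
                raw = match.group(1)
                seen.add(raw)
                findings.append(Finding(line_no, name, raw, redact(raw), shannon_entropy(raw)))
        for match in GENERIC_DETECTOR.finditer(line):
            raw = match.group(1)
            if raw in seen:
                continue  # already attributed to a specific detector on this line
            if len(raw) < GENERIC_MIN_LENGTH or shannon_entropy(raw) < GENERIC_MIN_ENTROPY:
                continue  # too short or too regular to be a machine credential
            seen.add(raw)
            findings.append(Finding(line_no, "generic-secret", raw, redact(raw), shannon_entropy(raw)))
    return findings


# Constructed sample input. The AWS pair is the example credential from AWS's
# own documentation; the other values are made up for this example.
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
db_password = "hunter2"
api_token = "q7Z2mXp9Lw4sRt8vYb3nKc6hJd1fGa5e"
-----BEGIN RSA PRIVATE KEY-----
# end of constructed sample
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: {f.detector} {f.redacted} (entropy {f.entropy:.2f} bits/char)")
```

Running it reports the access key ID on line 1, the secret key on line 2 (once, not twice, because the generic detector defers to the specific one), the random token on line 4 and the private-key header on line 5; "hunter2" is dropped by the length and entropy gate. Entropy gating is what keeps the generic detector usable, but it is no substitute for validation: a leaked low-entropy password is still a leak, which is why a scanner that can check credentials against the provider reports with far less noise than regexes alone.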
Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining whether there is a Common Platform Enumeration (CPE) identifier for a given dependency; if one is found, it generates a report linking to the associated CVE entries. Because matching is done on CPE identifiers rather than exact package metadata, the report can contain false positives and miss some vulnerabilities, so findings should be reviewed rather than taken at face value.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as input, and the tool is designed for integration with Application Security Posture Management (ASPM) and vulnerability management platforms and for use in CI environments.
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.
Simple and flexible tool for managing secrets.
SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
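SOPS decides which files to encrypt, with which keys and which parts of each file from a `.sops.yaml` at the repository root. The following is an added example of such a configuration, written for this page rather than taken from the SOPS project; the age recipient is a placeholder that must be replaced with a real `age1...` public key (the output of `age-keygen`), and the path layout is an assumption.

```yaml
# .sops.yaml at the repository root. Added example, not from the SOPS project.
# The age recipient below is a placeholder; put the public key from `age-keygen` here.
creation_rules:
  # Kubernetes Secret manifests: encrypt only the values under data/stringData so
  # the rest of the manifest (apiVersion, kind, metadata) stays readable and diffable.
  - path_regex: k8s/.*\.enc\.yaml$
    encrypted_regex: ^(data|stringData)$
    age: age1PLACEHOLDERRECIPIENT
  # Any other .enc.yaml/.enc.json/.enc.env file is encrypted in full.
  - path_regex: \.enc\.(yaml|json|env)$
    age: age1PLACEHOLDERRECIPIENT
```

With this in place, `sops --encrypt --in-place k8s/app.enc.yaml` encrypts only the secret values and leaves the keys and structure intact, which is what makes encrypted manifests reviewable in pull requests. The trade-off to keep in mind is that `encrypted_regex` leaves everything it does not match in plain text, so key names that are themselves sensitive (or values stored under unexpected keys) will not be protected; rules are matched top to bottom, so the more specific rule has to come first.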
Total visibility of your software engineering lifecycle.
Chalk™ captures metadata at build time and can add a small "chalk mark" (embedded metadata) to artifacts so that they can be identified in production. It can also extract chalk marks from artifacts and, while doing so, collect additional metadata about the operating environment.
Using Chalk, you can build a graph connecting development and production, so that DevOps engineers understand what is happening in the development process and developers understand what is happening in the infrastructure. With this shared information, the two groups can work together more effectively.
An open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters.
Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.
NIST Certified SCAP 1.2 toolkit. The oscap program is a command line tool that allows users to load, scan, validate, edit, and export SCAP documents.
The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines. We maintain great flexibility and interoperability, reducing costs of performing security audits.