continuous-integration
CLI to spin your CI/CD for react-native!
The problem we noticed is that setting up CI is performed once, needs to be researched every time, and is often trial and error driven. The process is repetitive.
We created a tool that bootstraps CI with the most used features, which are ready for customization in the future. Running npx setup-ci generates GitHub workflows for the most popular CI tasks.
Load testing designed for DevOps and CI/CD.
Gatling is a highly capable load testing tool. It is designed for ease of use, maintainability and high performance.
Out of the box, Gatling comes with excellent support of the HTTP protocol that makes it a tool of choice for load testing any HTTP server. As the core engine is actually protocol agnostic, it is perfectly possible to implement support for other protocols. For example, Gatling currently also ships JMS support.
OPEN SOURCE ORCHESTRATION AND CORRELATION TOOL. ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
Automate Your Application Security Orchestration And Correlation (ASOC) Using ArcherySec.
ArcherySec lets you interact with continuous integration/continuous delivery (CI/CD) toolchains to specify testing and to control the release of a given build based on results. It includes prioritization functions, enabling you to focus on the most critical vulnerabilities. ArcherySec uses popular open source tools to perform comprehensive scanning of web applications and networks. Developers can also use the tool in their DevOps CI/CD environment.
Validate the structure of your container images.
The Container Structure Tests provide a powerful framework to validate the structure of a container image. These tests can be used to check the output of commands in an image, as well as verify metadata and contents of the filesystem.
Generate beautiful changelogs from your Git commit history.
clog creates a changelog automatically from your local git metadata. See clog's changelog.md for an example.
CI/CD orchestrator for Terraform.
Open Source Terraform Orchestration for Teams. Automation, Collaboration and Governance for Terraform within your CI/CD system.
Digger is an open source IaC orchestration tool. Digger allows you to run IaC in your existing CI pipeline.
pylyzer is a static code analyzer / language server for Python, written in Rust.
🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
A highly customizable Changelog Generator that follows Conventional Commit specifications ⛰️.
git-cliff can generate changelog files from the Git history by utilizing conventional commits as well as regex-powered custom parsers. The changelog template can be customized with a configuration file to match the desired format.
View 5 weeks of DevSecOps Series' Articles on DEV Community
Gitleaks is a fast, light-weight, portable, and open-source secret scanner for git repositories, files, and directories.
Automated dependency updates.
Get pull requests to update your dependencies and lock files.
Pretty fast linter (code static analysis utility) for PHP. NoVerify is a PHP linter: it finds possible bugs and style violations in your code.
Here at Pa11y, we think making the web more accessible improves it for everyone. So we publish a range of free and open source tools to help designers and developers make their web pages more accessible.
Fearless refactoring. It does a lot of smart checks to find certain errors.
The Easiest way to add coding standard to your PHP project.
Easy Coding Standard focuses on easy run, setup, and use. From composer requirement through the automated setup to the config.
The Universal Code Beautifier.
Single beautifier abstracting multiple beautifiers for multiple languages.
PHP Benchmarking framework.
PHPBench is a benchmark runner for PHP analogous to PHPUnit but for performance rather than correctness.
A vulnerability scanner for container images and filesystems.
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration with ASPM/VM platforms and in CI environments.
Knip finds unused files, dependencies and exports in your JavaScript and TypeScript projects.
CI/CD Security Analyzer.
RAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database.
An extensible multilanguage static code analyzer.
PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports many languages. It can be extended with custom rules. It uses JavaCC and Antlr to parse source files into abstract syntax trees (AST) and runs rules against them to find violations. Rules can be written in Java or using an XPath query.
Kubernetes-native CI/CD building blocks.
Tekton is a powerful yet flexible Kubernetes-native open source framework for creating continuous integration and delivery (CI/CD) systems. It lets you build, test, and deploy across multiple cloud providers or on-premises systems by abstracting away the underlying implementation details.
A CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Exceptional for vulnerability detection when used with a scanner like Grype.
LFI Scan Tool.
LFI Space is a robust and efficient tool designed to detect Local File Inclusion (LFI) vulnerabilities in web applications. This tool simplifies the process of identifying potential security flaws by leveraging two distinct scanning methods: Google Dork Search and Targeted URL Scan. With its comprehensive approach, LFI Space assists security professionals, penetration testers, and ethical hackers in assessing the security posture of web applications.
✂️ Find unused files, dependencies and exports in your JavaScript and TypeScript projects. Knip it before you ship it!
Declarative CLI Version Manager. Unify tool versions in teams, projects, and CI. Easy, painless, and secure.
Declarative CLI version manager written in Go. Supports lazy install, registry, and continuous updates with Renovate. CLI versions are switched seamlessly.
A fully functional local cloud stack. Develop and test your cloud and serverless apps offline!
LocalStack is an easy-to-use test/mocking framework for developing cloud applications. Using LocalStack, you can spin up a local test environment in seconds, and get the same functionality you would get from a real AWS environment.
Smart automation for DevOps teams and CI/CD pipelines. The AKEless Build System for C#/.NET.
Whisky is the simplest, framework-agnostic CLI tool for managing and enforcing a PHP project's git hooks across an entire team.
Automated Way to Instantly Upgrade and Refactor any PHP code.
Rector instantly upgrades and refactors the PHP code of your application.
scc is a very fast accurate code counter with complexity calculations and COCOMO estimates written in pure Go.
A tool similar to cloc, sloccount and tokei. For counting the lines of code, blank lines, comment lines, and physical lines of source code in many programming languages.
The goal is to be the fastest code counter possible, but also to perform COCOMO calculation like sloccount and to estimate code complexity similar to cyclomatic complexity calculators. In short, one tool to rule them all.
Webhook server for GitLab, GitHub and Gitea to run arbitrary commands.
Very flexible git hook manager for PHP developers.
CaptainHook is an easy-to-use and very flexible git hook library for PHP developers. It enables you to configure your git hook actions in a simple JSON file.
JavaScript Web Testing and Component Testing Framework. Test. Automate. Accelerate.
With Cypress, you can easily create tests for your modern web applications, debug them visually, and automatically run them in your continuous integration builds.
Command-line translator using Google Translate, Bing Translator, Yandex.Translate, etc.
Translate Shell (formerly Google Translate CLI) is a command-line translator powered by Google Translate (default), Bing Translator, Yandex.Translate, and Apertium. It gives you easy access to one of these translation engines in your terminal:
Put your architectural rules under test!
PHPArkitect helps you keep your PHP codebase coherent and solid by letting you add architectural constraint checks to your workflow. You can express the constraints you want to enforce in simple and readable PHP code, for example:
Test and enforce architectural rules in your Laravel applications. Keep your app's architecture clean and consistent!
Laravel Arkitect lets you test and enforce your architectural rules in your Laravel applications, and it's a PHPArkitect wrapper for Laravel. This package helps you to keep your app's architecture clean and consistent.
Marketplace of ready-to-use CI/CD templates. Make your GitLab CI/CD simple and reusable.
BDD Framework for .NET.
Enhance your automated tests. The free & open source BDD framework for .NET.
Dockerfile linter, validate inline bash, written in Haskell.
A smarter Dockerfile linter that helps you build best practice Docker images. The linter parses the Dockerfile into an AST and performs rules on top of the AST. It stands on the shoulders of ShellCheck to lint the Bash code inside RUN instructions.
Your Kubernetes Platform is one Git commit away.
The DevOps Stack provides a standard Kubernetes Platform, bringing together automated Provisioning as Code, Continuous Application Deployment, and readily-made configurations for the best Cloud Native tools in the industry.
Make CI/CD Super Simple.
Earthly is a versatile, approachable CI/CD framework that runs every pipeline inside containers, giving you repeatable builds that you write once and run anywhere. It has a super simple, instantly recognizable syntax that is easy to write and understand – like Dockerfile and Makefile had a baby. And it leverages and augments popular build tools instead of replacing them, so you don’t have to rewrite all your builds no matter what languages you use.
Discover vulnerabilities across a codebase with CodeQL, our industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
Fast and powerful Git hooks manager for Node.js, Ruby or any other type of projects.
Automatically apply Tighten's default code style for Laravel apps.
Automatic configuration for Laravel apps to apply Tighten's standard linting & code standards.
Automate the creation of merge proposals for scriptable changes.
Silver-Platter makes it possible to contribute automatable changes to source code in a version control system. It automatically creates a local checkout of a remote repository, makes user-specified changes, publishes those changes on the remote hosting site and then creates a pull request.
In addition to that, it can also perform basic maintenance on branches that have been proposed for merging - such as restarting them if they have conflicts due to upstream changes.
The Modern Software Delivery Platform - CI, CD, Feature Flags, Cloud Costs & more.
Harness is the industry’s first Software Delivery Platform to use AI to simplify your DevOps processes - CI, CD & GitOps, Feature Flags, Cloud Costs, and much more.
Monitor your GitHub Actions in real time from the command line.
The Ruby Linter/Formatter that Serves and Protects.
RuboCop is a Ruby code style checker (linter) and formatter based on the community-driven Ruby Style Guide.
Continuous fuzzing for open source software. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.
🐶 Automated code review tool integrated with any code analysis tools regardless of programming language. reviewdog provides a way to post review comments to a code hosting service, such as GitHub, automatically by integrating with any linter tool with ease. It takes the output of lint tools and posts the findings as comments if they fall within the diff of the patches under review.
A specification for adding human and machine readable meaning to commit messages.