SecHub provides a central API to test software with different security tools.

Simple and accurate guide for linux privilege escalation tactics

The official Python SDK for Model Context Protocol servers and clients

A helper tool to design CG Pipeline interactive diagrams and data flow documentation

A set of policies, standards and control procedures with mapping to HIPAA, NIST CSF, PCI DSS, SOC2, FedRAMP, CIS Controls, and more.

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…

Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files

A collection of companies that disclose adversary TTPs after they have been breached

🍻 A CLI workflow for the administration of macOS applications distributed as binaries

free monthly courses, exam vouchers, and scholarships from various websites. Don't forget to star ⭐ this repository.

Awesome-LLM: a curated list of Large Language Model

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Tfsec is now part of Trivy

Asahi Linux documentation

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Open source security career ladders

OWASP Foundation Web Respository

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, an…

MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.

The Security Champion Framework provides both a measuring stick and a roadmap generator for Champion Programs.

AWS Step Functions is an orchestration service for reliably executing multi-step processes using visual workflows. This repository includes detailed examples that will help you unlock the power of …

A Python client for the Snyk API.

An implementation of the TLS/SSL protocols

CLI tool to visualise CloudFormation/SAM/CDK stacks as visjs networks, draw.io or ascii-art diagrams.

An open source threat modeling tool from OWASP

Software Component Verification Standard (SCVS)