Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Open-Source Unified Vulnerability Management, DevSecOps & ASPM

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.

A community-driven OWASP Foundation project building open-source tools for vulnerability reporting, bug tracking, security automation & contributor engagement.

AI-driven Threat modeling-as-a-Code (TaaC-AI)

A Trivy plugin that scans and outputs the results (vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more) to an interactive html file.

DevSecOps Toolchain

Ansible Playbooks for Security Automation with Ansible2 book

A centralized hub for platform engineering teams, providing resources, best practices, and automation tools. Includes IaC templates, blueprints, and operational guides to help build scalable, secure, and efficient platforms for cloud-native environments and DevSecOps workflows.

The Universal Governance, Risk, Compliance (GRC) Operating System with Integrated Security for Agentic AI, Non-Human Identities, and Swarm Governance. AI SAFE² + AI Sovereignty Maturity Model (AISM) [Dual License: MIT + CC-BY-SA]

Efficient DevSecOps

Library to ingest and generate SBOMs

Внедрение и эксплуатация PT Application Inspector. Подробнее: https://habr.com/ru/company/pt/blog/557142/

Sploit -- All-in-one, AI-powered cybersecurity toolkit for web, network, and phishing tests. Modular, cross-platform, Docker-ready, with GUI & CLI. Open source by AUX-441 Team.

A curated hub of DevSecOps tools to secure workflows, optimized for CI/CD and more

In this workshop we will build a pipeline for a sample WordPress site in a stack. We will explore how to validate, lint and test templates, and dive deeper in tools that help you enforce compliance and network analysis, together with your development pipeline, for a full DevSecOps CI/CD.

Agentic AI for DevSecOps: Transforming Security with GitHub Advanced Security and GitHub Copilot. GitHub Advanced Security - DevSecOps Guidelines - Unified visibility into DevOps security posture. DevSecOps E2E Demos.

Framework for building an individual CI/CD pipeline geared towards embedded systems

AI-maintained security annotations for code. Continuous threat modeling, enforced in CI.

Luminous Onion is a cutting-edge web application designed to revolutionize vulnerability management by seamlessly ingesting security reports from a variety of 3rd party tools. With its intuitive interface and powerful features, Luminous Onion empowers organizations to take charge of their cybersecurity posture like never before.