A pytest-native safety and security testing framework for agentic AI applications

A lightweight alternative to OpenClaw that runs in containers for security. Connects to WhatsApp, Telegram, Slack, Discord, Gmail and other messaging apps,, has memory, scheduled jobs, and runs dir…

Automated Penetration Testing Agentic Framework Powered by Large Language Models

OWASP Autonomous Penetration Testing Standard

CVE-Bench: A Benchmark for AI Agents’ Ability to Exploit Real-World Web Application Vulnerabilities

AWS Attack Path Scanner - Discover privilege escalation paths across 10+ AWS services

GCP cloud security CTF

Are AWS Well-Architected best practices being followed? Use Powerpipe and Steampipe to check if your AWS accounts are following best practices from each lens and pillar.

Powerpipe: Dashboards for DevOps. Visualize cloud configurations. Assess security posture against a massive library of benchmarks. Build custom dashboards with code.

A curated list for awesome kubernetes sources 🚢🎉

secureCodeBox (SCB) - continuous secure delivery out of the box

Threat Designer is a GenerativeAI application designed to automate and streamline the threat modeling process for secure system design.

📚Open Source Curriculum for CNCF Certification Courses

A generative sequencer that combine LLM and local rule based sequencer

TheHive is a Collaborative Case Management Platform, now distributed as a commercial version

GRR Rapid Response: remote live forensics for incident response

Supply-Chain Firewall (SCFW) is a tool for preventing the installation of malicious npm and PyPI packages 🔥

Open Cyber Threat Intelligence Platform

Microsoft Defender for Cloud threat matrix for Kubernetes

📚 A curated list of awesome Docker security resources

An open-source framework for detecting, redacting, masking, and anonymizing sensitive data (PII) across text, images, and structured data. Supports NLP, pattern matching, and customizable pipelines.

Kubernetes Enumeration Tools for Penetration Testing - K8s security assessment scripts for red team operations

Unified Policy Engine

Nuke Everything in GCP Project

S3 Account Search

ASH is an extensible, open source SAST, SCA, and IaC security scanner orchestration engine.

An AWS IAM Privilege Escalation Path Library

UPX - the Ultimate Packer for eXecutables

A SBOM-centric security scanner.