Starred repositories
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Internet-scale OpenID Certified™ OpenID Connect and OAuth2.1 provider that integrates with your user management through headless APIs. Solve OIDC/OAuth2 use cases overnight. Consume as a service …
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Material UI: Comprehensive React component library that implements Google's Material Design. Free forever.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Find, verify, and analyze leaked credentials
Easy to maintain open source documentation websites.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
A static analyzer for Java, C, C++, and Objective-C
ShellCheck, a static analysis tool for shell scripts
A simple threat modeling tool to help humans reduce time-to-value when threat modeling
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a rang…
Bandit is a tool designed to find common security issues in Python code.
WebGoat is a deliberately insecure application
The Official Bash Bunny Payload Repository
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.