Starred repositories
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
Easy to maintain open source documentation websites.
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
WebGoat is a deliberately insecure application
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, se…
Material UI: Comprehensive React component library that implements Google's Material Design. Free forever.
A static analyzer for Java, C, C++, and Objective-C
Find, verify, and analyze leaked credentials
A dependency injection based application framework for Go.
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
A simple threat modeling tool to help humans to reduce time-to-value when threat modeling
The only web-scale, fully customizable OpenID Certified™ OpenID Connect and OAuth2 Provider in the world. Become an OpenID Connect and OAuth2 Provider overnight. Written in Go, cloud native, headl…
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Bandit is a tool designed to find common security issues in Python code.
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
The lazier way to manage everything Docker
🎨 Diagram as Code for prototyping cloud system architectures
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.