Interactive roadmaps, guides and other educational content to help developers grow in their careers.

Find secrets with Gitleaks 🔑

cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.

🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2026

Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.

⚙️ A curated list of static analysis (SAST) tools and linters for all programming languages, config files, build tools, and more. The focus is on tools which improve code quality.

A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.

Removes large or troublesome blobs like git-filter-branch does, but faster. And written in Scala

🦄 A curated list of privacy & security-focused software and services

Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Ultimate DevSecOps library

Code signing and transparency for containers and binaries

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

List of telegram groups, channels & bots // Список интересных групп, каналов и ботов телеграма // Список чатов для программистов

Web Attack Cheat Sheet

A linter for YAML files.

An implementation of StyleCop rules using the .NET Compiler Platform

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

♾️ Collection and Roadmap for everyone who wants DevSecOps. Hope your DevOps are more safe 😎

Source code about machine learning and security.

This is a step-by-step guide to implementing a DevSecOps program for any size organization

Supply-chain Levels for Software Artifacts

Bruteforce database

An open source threat modeling tool from OWASP

A list of open source web security scanners

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

in-toto is a framework to protect supply chain integrity.

Interview questions to screen offensive (red team/pentest) candidates

Threat matrix for CI/CD Pipeline

A big list of homoglyphs and some code to detect them