Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Find, verify, and analyze leaked credentials

Find secrets with Gitleaks 🔑

World's most advanced database DevSecOps solution for Developer, Security, DBA and Platform Engineering teams. The GitHub/GitLab for database DevSecOps.

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

Tfsec is now part of Trivy

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

🔓 🔓 Find secrets and passwords in container images and file systems 🔓 🔓

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.

🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍

Agile Threat Modeling Toolkit

Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

kube-scan: Octarine k8s cluster risk assessment tool

🧵 CLI tool for directly patching container images!

ContainerSSH: Launch containers on demand

ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.

Query, provision and operate Cloud and SaaS resources and APIs using an extensible SQL based framework

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets