Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

Open Source Vulnerability Management Platform

Python-powered shell. Full-featured and cross-platform.

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

🛡️ Open-source and next-generation Web Application Firewall (WAF)

A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure code reviews. Features common vulnerabilities found in real-world applications, making it an ideal platform for security professionals, developers, and enthusiasts to learn pentesting and secure coding practices.

Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

The CrowdStrike Falcon SDK for Python

ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks

Hunter作为中通DevSecOps闭环方案中的一环，扮演着很重要的角色，开源之后希望能帮助到更多企业。

DevSecOps pipeline for Python based project using Jenkins, Ansible, AWS, and open-source security tools and checks.

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

A security scanner for your LLM agentic workflows

IAST 灰盒扫描工具

AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of security tools.

Identify hardcoded secrets in static structured text