Open-source web app scanner.
ScanInterceptWeb apps
cyberstars / purpose / devsecops
Tools for devsecops
Shift-left scanning in CI/CD pipelines.
54 tools indexed
Policy-as-code across the stack.
HardenAutomateCloudIaC
Multi-cloud security posture.
ScanHardenCloud
QARK
—Quick Android Review Kit.
ScanAnalyzeMobile apps
Detect vulnerable JS libraries.
ScanWeb appsSource code
Self-hosted open-source WAF.
MonitorHardenWeb apps
API fuzzer from OpenAPI/GraphQL.
FuzzScanWeb apps
Lightweight static analysis.
ScanAnalyzeSource code
Solidity / Vyper static analyzer.
ScanAnalyzeSource code
Open-source SCA + IaC scanner.
ScanAnalyzeSource codeCloud
Solidity inspector.
AnalyzeSource code
Syft
—Generate SBOMs from containers and source code.
AnalyzeCloudSource code
Cloud-native secrets manager.
HardenAutomateCloudSource code
eBPF-based runtime security.
MonitorHardenCloudEndpoints
Cross-platform data-protection framework.
HardenSource codeEndpoints
Open-source cloud-native protection platform.
ScanMonitorCloudIaC
Container and IaC vulnerability scanner.
ScanCloudIaC
Find leaked credentials at scale.
ScanSource codeCloud
Google's network vulnerability scanner.
ScanNetworksWeb apps
Vuls
—Agent-less Linux vulnerability scanner.
ScanEndpointsCloud
Pre-commit secret detection.
ScanSource code
LLM vulnerability scanner.
ScanFuzzWeb appsSource code
Golang security checker.
ScanAnalyzeSource code
Google's general-purpose fuzzer.
FuzzBinariesSource code