Stars
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuos monitoring, security assessments and audits, incident response, compliance, harden…
OCSF (https://schema.ocsf.io/) models in Python using Pydantic.
MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
Automating situational awareness for cloud penetration tests.
Empowering People Ethically 🚀 — Matomo is hiring! Join us → https://matomo.org/jobs Matomo is the leading open-source alternative to Google Analytics, giving you complete control and built-in priva…
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
The missing star history graph of GitHub repos - https://star-history.com
This solutions facilitates rapid deployment of Prowler, full AWS Organization analysis, and finding processing as part of a security posture report.
Templates that create needed permissions in an account to be scanned by ProwlerPro
Compliance automation framework, focused on SOC2
An encyclopedia for offensive and defensive security knowledge in cloud native technologies.
Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.
Testing TLS/SSL encryption anywhere on any port
CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language.
SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to c…
Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans…
kube-scan: Octarine k8s cluster risk assessment tool
AWS Security Tools (AST) in a simple Docker container. 📦
An enterprise friendly way of detecting and preventing secrets in code.
A list of covert channels and steganography/steganalysis resources (books, papers & tools)
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
Minimalist containerized implementation of Prowler from https://github.com/toniblyx/prowler, made to run within ECS Fargate and have Secrets passed via AWS Secrets Manager