cumulus | secureCodeBox
---|---
1 | 1
14 | 733
- | 2.6%
6.2 | 9.8
12 months ago | 3 days ago
TeX | JavaScript
- | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cumulus
Show HN: Cumulus – Threat Modeling the Clouds
I am excited to share OWASP Cumulus, a threat modeling card game for IT security in DevOps and cloud projects. Taking strong inspiration from the well-known card games "Elevation of Privilege" and "OWASP Cornucopia" we created a game for threat modeling specifically the Ops part of DevOps projects.
It targets DevOps engineering teams, site reliability engineers and security professionals and gives a lightweight start into threat modeling and security by design.
Please check it out at https://owasp.org/www-project-cumulus/ and contribute via https://github.com/OWASP/cumulus. Let's make this a community project!
secureCodeBox
What are some alternatives?
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
django-DefectDojo - DevSecOps, ASPM, Vulnerability Management. All on one platform.
ZAP - The ZAP core project
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Open-Source-Security-Guide - Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
github-actions-goat - GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment
cosign-keyless-admission-webhook - Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect
kraken - Kraken: A multi-platform distributed brute-force password cracking system
modron - Modron - Cloud security compliance