ThreatPlaybook
ochrona-cli
| ThreatPlaybook | ochrona-cli |
---|---|---|
| 2 | 2 |
Stars | 268 | 52 |
Growth | 0.7% | - |
Activity | 0.0 | 0.6 |
| 24 days ago | about 1 year ago |
Language | Python | Python |
License | MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ThreatPlaybook
- SaaS Startup Security 101 - A quick guide for building secure SaaS
Threat modelling: Look at some lightweight incremental threat modelling reviewing new user stories and then using labels to keep track of status. There are free tools such as threat playbook as well: https://github.com/we45/ThreatPlaybook
- ThreatPlaybook
ochrona-cli
What are some alternatives?
betterscan-ce - Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
safety - Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
faraday_plugins - Security tools report parsers for Faradaysec.com
best-of-python-dev - A ranked list of awesome python developer tools and libraries. Updated weekly.
in-toto - in-toto is a framework to protect supply chain integrity.
dephell - :package: :fire: Python project management. Manage packages: convert between formats, lock, install, resolve, isolate, test, build graph, show outdated, audit. Manage venvs, build package, bump version.
anchore-engine - A service that analyzes docker images and scans for vulnerabilities
repometascore - repometascore (aka repository metadata scoring) analyzes metadata of the given repository, collects info about its contributors, and outputs the risk level.