Python Devsecops

Open-source Python projects categorized as Devsecops

Top 23 Python Devsecops Projects

  1. prowler

    Prowler is the world’s most widely used open-source cloud security platform that automates security and compliance across any cloud environment.

    Project mention: CIS AWS v3.0 in 60 Seconds: Automate Compliance with Terraform | dev.to | 2026-03-27

    And you're probably guessing that I'm not the first person to have the idea - we need to automate this. AWS Security Hub maps 37 controls. Prowler maps all of them. However, none of them answer the question of how to fix them (at least not by copy-pasting).

  3. BunkerWeb

    🛡️ Open-source and cloud-native Web Application Firewall (WAF)

    Project mention: Show HN: BunkerWeb – open-source and cloud-native WAF/WAAP | news.ycombinator.com | 2026-01-12
  4. xonsh

    🐚 Python-powered shell. Full-featured, cross-platform and AI-friendly.

    Project mention: Xonsh shell 0.23 REFORGED – not just a release | news.ycombinator.com | 2026-04-21
  5. faraday

    Open Source Vulnerability Management Platform (by infobyte)

  6. DeepAudit

    DeepAudit: an AI hacker team that anyone can own, putting vulnerability discovery within everyone's reach. The first open-source multi-agent system for code vulnerability discovery in China. One-click deployment and operation for beginners, autonomous collaborative auditing plus automated sandbox PoC verification. Supports private Ollama deployment and one-click report generation. Supports API relay endpoints. Making security affordable and auditing simple.

    Project mention: Show HN: DeepAudit – open-source auditing agent (LLMs and Static Analysis) | news.ycombinator.com | 2025-12-15
  7. cicd-goat

    A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

  8. safety

    Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.

  9. ggshield

    Detect and validate 500+ types of hardcoded secrets with advanced checks. Use it as a pre-commit hook, GitHub Action, or CLI for proactive secret detection and security.

    Project mention: GitGuardian MCP: Secret Scanning as a Hard Merge Gate for AI-Generated Code | dev.to | 2026-03-10

    ggshield Repository

  10. cve-bin-tool

    The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

  11. dep-scan

    OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

    Project mention: Slopsquatting: AI Hallucinations as Supply Chain Attacks | dev.to | 2026-03-04

    Add a CI gate. Integrate Software Composition Analysis into your pipeline. Tools like OWASP dep-scan flag unknown or newly published packages before they reach production. Generate and sign Software Bills of Materials (SBOMs) for every build so each dependency is auditable. If a package does not appear in your organization's approved registry, the build should fail.

  12. ElectricEye

    ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring, supporting hundreds of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best-practice control frameworks.

  13. agentic-radar

    A security scanner for your LLM agentic workflows

  14. packj

    Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain

    Project mention: Packj flags malicious/risky open-source packages | news.ycombinator.com | 2026-05-22
  15. privado

    Open Source Static Scanning tool to detect data flows in your code, find data security vulnerabilities & generate an accurate Play Store Data Safety Report.

  16. falconpy

    The CrowdStrike Falcon SDK for Python

  17. skylos

    Open source local-first PR scanner that finds dead code, security bugs, secrets, quality regressions, and AI-code mistakes before merge. For first timers refer to https://duriantaco.github.io/skylos/repo-map/

    Project mention: GitHub Actions Security and GitLab CI Security: Static Analysis for CI/CD | dev.to | 2026-05-12

    pip install "git+https://github.com/duriantaco/skylos.git"
    skylos . --danger

  18. tfquery

    tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze their configuration using a SQL-powered framework.

  19. ThreatPlaybook

    A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

  20. apicheck

    The DevSecOps toolset for REST APIs

  21. slowql

    SQL static analyzer for performance, security, compliance and cost. 272 rules. Completely offline. Works in CI pipelines.

    Project mention: SlowQL – stop bad SQL before it reaches production | news.ycombinator.com | 2026-03-09

    - Quality (30 rules): naming, deprecated syntax, style

    171 rules total. 873 tests. Zero telemetry. Your SQL never leaves your machine.

    pip install slowql && slowql

    I spent serious time on the terminal experience — health score gauge, severity heat map, keyboard navigation. It sounds like a detail but it drives actual adoption.

    GitHub: https://github.com/makroumi/slowql

  22. GitGoat

    GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.

  23. mcp-audit

    See what your AI agents can access. Scan MCP configs for exposed secrets, shadow APIs, and AI models. Generate AI-BOMs for compliance.

    Project mention: Show HN: APIsec MCP Audit – Audit what your AI agents can access | news.ycombinator.com | 2026-01-20
  24. malicious-code-ruleset

    Focused malicious code detection ruleset, with a high protection-to-noise ratio

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).


Python Devsecops related posts

  • Setting Up Continuous Terraform Drift Monitoring With GitHub Actions and Slack

    1 project | dev.to | 6 Jun 2026
  • Velonus – Open-source AppSec scanner that deduplicates SAST noise

    2 projects | news.ycombinator.com | 14 May 2026
  • How I Built a Terraform Plan JSON Parser in Python

    1 project | dev.to | 9 May 2026
  • Why Severity Classification Changes Everything About Drift Detection

    1 project | dev.to | 2 May 2026
  • Tfdrift – Open-source Terraform drift detection with severity classification

    1 project | news.ycombinator.com | 28 Apr 2026
  • A post-mortem on the fastest database breach of 2026 - and the quality gate that would have stopped it cold.

    1 project | dev.to | 23 Mar 2026

Index

What are some of the best open-source Devsecops projects in Python? This list will help you:

   #  Project                   Stars
   1  prowler                  13,949
   2  BunkerWeb                10,572
   3  xonsh                     9,491
   4  faraday                   6,510
   5  DeepAudit                 6,311
   6  cicd-goat                 2,219
   7  safety                    1,982
   8  ggshield                  1,961
   9  cve-bin-tool              1,696
  10  dep-scan                  1,242
  11  ElectricEye               1,041
  12  agentic-radar               975
  13  packj                       686
  14  privado                     643
  15  falconpy                    496
  16  skylos                      450
  17  tfquery                     333
  18  ThreatPlaybook              281
  19  apicheck                    277
  20  slowql                      188
  21  GitGoat                     173
  22  mcp-audit                   149
  23  malicious-code-ruleset      146
