Python Devsecops

Open-source Python projects categorized as Devsecops

Top 22 Python Devsecops Projects

  • prowler

    Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.

  • Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04

    Which cloud provider?

    https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.

    Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security

  • faraday

    Open Source Vulnerability Management Platform (by infobyte)

  • cicd-goat

    A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.

  • Project mention: CI/CD Access All Areas? | dev.to | 2023-09-23

    In this blog post, we want to explore what happens if a development machine gets compromised, granting an attacker write access to source code repositories. To experience this first-hand, we're using CI/CD Goat, and one of the CTF challenges to play through the scenario of an attacker gaining access to sensitive data within build infrastructure.

  • ggshield

    Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.

  • cve-bin-tool

    The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

  • Project mention: FLaNK Stack Weekly 19 Feb 2024 | dev.to | 2024-02-19

  • ElectricEye

    ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring, supporting hundreds of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks.

  • dep-scan

    OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

  • Project mention: Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone | /r/devsecops | 2023-12-05

    Depscan v5 is the first opensource SCA tool that can perform precision reachability analysis for Java, JavaScript/TypeScript, and Python applications to triage and prioritize the results. We invented an automatic symbols tagger, a lightweight data-flow analyzer, and a static slicer to compute all reachable flows with or without vulnerabilities. We open-sourced all our work, including the specification.

  • betterscan-ce

    Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)

  • packj

    Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain.

  • Project mention: Rust Without Crates.io | news.ycombinator.com | 2023-11-14

    Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.

    1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.

  • tfquery

    tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze their configuration using a SQL-powered framework.

  • falconpy

    The CrowdStrike Falcon SDK for Python

  • Project mention: Identity API for PSfalcon or FalconPY | /r/crowdstrike | 2023-07-12

    And for falconpy: https://github.com/CrowdStrike/falconpy/wiki/Identity-Protection

  • ThreatPlaybook

    A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration

  • apicheck

    The DevSecOps toolset for REST APIs

  • GitGoat

    GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.

  • dockerfile-security

    Static security checker for Dockerfiles

  • introspector

    A schema and set of tools for using SQL to query cloud infrastructure.

  • ochrona-cli

    A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs

  • faraday_plugins

    Security tools report parsers for Faradaysec.com

  • caracara

    Developer enhancements (DX) for FalconPy, the CrowdStrike Python SDK

  • ess-gitlab

    Scanner for Gitlab Security Mis-Configurations

  • github-leak-audit

    A GitHub workflow to identify employees that have leaked your organization's code

  • cdkv2_prog_user_deploy

    Project for creating a programmatic user to integrate CI/CD tools for CDK deployments

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Index

What are some of the best open-source Devsecops projects in Python? This list will help you:

Rank  Project                 Stars
1     prowler                 9,514
2     faraday                 4,600
3     cicd-goat               1,807
4     ggshield                1,522
5     cve-bin-tool            1,061
6     ElectricEye               860
7     dep-scan                  699
8     betterscan-ce             678
9     packj                     613
10    tfquery                   326
11    falconpy                  304
12    ThreatPlaybook            268
13    apicheck                  263
14    GitGoat                   162
15    dockerfile-security        93
16    introspector               66
17    ochrona-cli                52
18    faraday_plugins            45
19    caracara                   33
20    ess-gitlab                 13
21    github-leak-audit           8
22    cdkv2_prog_user_deploy      1
