SaaSHub helps you find the best software and product alternatives Learn more →
Top 22 Python Devsecops Projects
-
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
cicd-goat
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
-
ggshield
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
-
cve-bin-tool
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
-
ElectricEye
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & SaaS environments with controls mapped to over 20 industry, regulatory, and best practice controls frameworks
-
dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
betterscan-ce
Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners + OpenAI GPT with One Report (Code, IaC) - Betterscan Community Edition (CE)
-
packj
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
-
tfquery
tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.
-
ThreatPlaybook
A unified DevSecOps Framework that allows you to go from iterative, collaborative Threat Modeling to Application Security Test Orchestration
-
GitGoat
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
-
ochrona-cli
A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
-
cdkv2_prog_user_deploy
Project for creating a programmatic user for integrate CI/CD tools for cdk deployments
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
In this blog post, we want to explore what happens if a development machine gets compromised, granting an attacker write access to source code repositories. To experience this first-hand, we're using CI/CD Goat, and one of the CTF challenges to play through the scenario of an attacker gaining access to sensitive data within build infrastructure.
Project mention: Show devsecops: OWASP dep-scan v5 - a next-generation security and risk audit tool for everyone | /r/devsecops | 2023-12-05Depscan v5 is the first opensource SCA tool that can perform precision reachability analysis for Java, JavaScript/TypeScript, and Python applications to triage and prioritize the results. We invented an automatic symbols tagger, a lightweight data-flow analyzer, and a static slicer to compute all reachable flows with or without vulnerabilities. We open-sourced all our work, including the specification.
Creator of Packj [1] here. How do you envision sandboxing/security policies will be specified? Per-lib policies when you've hundreds of dependencies will become overwhelming. Having built an eBPF-based sandbox [2], I anticipate that accuracy will be another challenge here: too restrictive will block functionality, too permissive defeats the purpose.
1. https://github.com/ossillate-inc/packj flags malicious/risky NPM/PyPI/RubyGems/Rust/Maven/PHP packages by carrying out static+dynamic+metadata analysis.
And for falconpy: https://github.com/CrowdStrike/falconpy/wiki/Identity-Protection
Python Devsecops related posts
- CI/CD Access All Areas?
- GitHub - boringtools/git-alerts: A Public Git repository
- GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
- A Public Git repository and misconfiguration detection tool
- I made an app that lets you search all your apps and files at once
- Tools for checking your code?
- What do i tell him?
-
A note from our sponsor - SaaSHub
www.saashub.com | 23 Apr 2024
Index
What are some of the best open-source Devsecops projects in Python? This list will help you:
Project | Stars | |
---|---|---|
1 | prowler | 9,514 |
2 | faraday | 4,600 |
3 | cicd-goat | 1,807 |
4 | ggshield | 1,522 |
5 | cve-bin-tool | 1,061 |
6 | ElectricEye | 860 |
7 | dep-scan | 699 |
8 | betterscan-ce | 678 |
9 | packj | 613 |
10 | tfquery | 326 |
11 | falconpy | 304 |
12 | ThreatPlaybook | 268 |
13 | apicheck | 263 |
14 | GitGoat | 162 |
15 | dockerfile-security | 93 |
16 | introspector | 66 |
17 | ochrona-cli | 52 |
18 | faraday_plugins | 45 |
19 | caracara | 33 |
20 | ess-gitlab | 13 |
21 | github-leak-audit | 8 |
22 | cdkv2_prog_user_deploy | 1 |
Sponsored