Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 vulnerability-detection Open-Source Projects
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
-
nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
-
scan4all
Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty( ͡° ͜ʖ ͡°)...
-
ThreatMapper
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
-
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
-
safety
Safety checks Python dependencies for known security vulnerabilities and suggests the proper remediations for vulnerabilities detected.
-
Open-Source-Security-Guide
Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
-
killshot
A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16Trivy Owner/Maintainer: Aqua Security Age: First released on GitHub on May 7th, 2019 License: Apache License 2.0 backward-compatible with tfsec
Project mention: The 36 tools that SaaS can use to keep their product and data safe from criminal hackers (manual research) | /r/SaaS | 2023-05-22Nuclei
Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...
Project mention: CodiumAI PR-Agent Dominates the Dev World with Versatility and Open-Source Power | dev.to | 2023-12-03CodiumAI PR-Agent’s influence extends deeply within open-source projects. An exemplary illustration is Kubespace, a Cloud Native Computing Foundation (CNCF) sandbox project. Since its adoption in August, Kubespace has been utilizing the PR-Agent service. They also recently had a public bug bounty collaboration with CodiumAI. This program added an extra layer of community-driven scrutiny, encouraging contributors to utilize simple commands like /describe for effective pull request messages. Here the contributor wanted to better describe the PR, so he used the /describe prompt.
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
Project mention: Script kiddie tools preferred by the hackers of this channel? | /r/hacking | 2023-07-08Check https://github.com/projectdiscovery/nuclei mostly for CVEs.
Project mention: OWASP dependency check (<9.0.0) could fail to work after Dec 15th, 2023 | /r/programming | 2023-12-05
Project mention: ThreatMapper: Open-source cloud native security observability platform | news.ycombinator.com | 2023-09-10
Project mention: Scanning ports and finding network vulnerabilities using nmap | dev.to | 2023-12-01Few people know that nmap is not just for reconnaissance work. Among other things, it allows finding vulnerabilities based on scripts prepared by the community and the tool's developers. Examples include nmap-vulners, vulscan or already prepared scripts that are installed along with nmap.
OpenVAS - https://github.com/greenbone/openvas-scanner
Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.
I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.
It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.
Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)
Project mention: A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons | dev.to | 2024-04-16KICS (stands for "Keeping Infrastructure as Code Secure"): Owner/Maintainer: Checkmarx Age: First released on GitHub on November 30th, 2020 License: Apache License 2.0
Project mention: A Tale of Two Kitchens - Hypermodernizing Your Python Code Base | dev.to | 2023-11-12Safety and Dependabot complement these security tools by focusing on external dependencies. Safety takes charge of examining your dependencies, ensuring they are up-to-date and free from any known vulnerabilities. Dependabot works similarly, scanning dependencies, verifying if they're current and assessing them for potential security flaws. This function is crucial as weaknesses in external dependencies can compromise the security of the entire codebase.
So far, I’ve been using Metlo's protection features to initially test out its capabilities on my app, but there’s still a whole other Testing feature that it has that I'm starting to look into. Everything I’ve tried out has been pretty quick and easy so hopefully I can play around with the Testing more to help me catch any other authentication or authorization vulnerabilities that might exist in my app. If this is something that interests you, you can check it out at https://metlo.com .
vulnerability-detection related posts
- Exclude certain CIS (sca) rules from agents
- Deployment issue
- Greenbone
- Update vulnerability databases through proxy with authentication
- 💻 Introducing Wazuh 4.7.0.
- Scanning ports and finding network vulnerabilities using nmap
- Mageni
-
A note from our sponsor - InfluxDB
www.influxdata.com | 26 Apr 2024
Index
What are some of the best open-source vulnerability-detection projects? This list will help you:
Project | Stars | |
---|---|---|
1 | trivy | 21,316 |
2 | nuclei | 17,234 |
3 | lynis | 12,507 |
4 | vuls | 10,671 |
5 | kubescape | 9,686 |
6 | Wazuh | 9,161 |
7 | nuclei-templates | 8,024 |
8 | DependencyCheck | 5,863 |
9 | scan4all | 5,231 |
10 | ThreatMapper | 4,631 |
11 | arachni | 3,639 |
12 | vulscan | 3,314 |
13 | openvas-scanner | 2,870 |
14 | dependency-track | 2,315 |
15 | cve-search | 2,197 |
16 | kics | 1,896 |
17 | rapidscan | 1,650 |
18 | safety | 1,626 |
19 | metlo | 1,567 |
20 | graudit | 1,344 |
21 | trivy-operator | 1,038 |
22 | Open-Source-Security-Guide | 850 |
23 | killshot | 612 |
Sponsored