SaaSHub helps you find the best software and product alternatives Learn more →
Top 23 security-automation Open-Source Projects
-
vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
-
Wazuh
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Scanners-Box
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
-
burpgpt
A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.
-
bearer
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
-
fixinventory
Fix Inventory consolidates user, resource, and configuration data from your cloud environments into a unified, graph-based asset inventory.
-
Shuffle
Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
-
cve-bin-tool
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
6. Gosec
Also, for the attack emulation part you might be interested in CALDERA.
Project mention: Anyone using Tiny11 (or otherwise minimised debloated Windows) with a Surface? | /r/Surface | 2023-12-11
Project mention: Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub | news.ycombinator.com | 2024-04-21I've become interested in SBOM recently, and found there were great tools like https://dependencytrack.org/ for CycloneDX SBOMs, but all I have is SPDX SBOMs generated by GitHub.
I decided to have a go at writing my own dependency track esque tool aiming to integrate with the APIs GitHub provides.
It's pretty limited in functionality so far, but can give a high level summary of the types of licenses your repository dependencies use, and let you drill down into potentially problematic ones.
Written in NextJS + mui + sqlite, and using another project of mine to generate most of the API boilerplate/glue (https://github.com/mnahkies/openapi-code-generator)
Project mention: Hayabusa: Sigma-based forensics timeline generator for Windows event logs | news.ycombinator.com | 2024-04-24
Project mention: Lost all my content writing contracts. Feeling hopeless as an author. | /r/ChatGPT | 2023-05-06
Project mention: Show HN: Bearer Code Security Scanner Add Support for Java, PHP, Go, and Python | news.ycombinator.com | 2023-10-26
Project mention: Show HN: Fix – An open source cloud asset inventory for cloud security engineers | news.ycombinator.com | 2024-03-27The reasoning is explained in the very section of our Github org README you quoted this sentence from. Our main open source project is Fix Inventory (https://github.com/someengineering/fixinventory) and that is very well documented (https://inventory.fix.security) and uses no commercial 3rd party libraries.
The Fix SaaS frontend that you're referring to and that you find at https://fix.security builds upon Fix Inventory. We could have just made it closed-source like every other SaaS (think Grafana Cloud). But because I'm a big proponent of OSS we decided to open source our entire SaaS stack, frontend, backend as well as all internal tooling. The main intend here is transparency, not so you spin up your own SaaS environment.
Essentially we develop the SaaS for ourselves first and foremost, but saw no reason to make it closed source. So that is why it might be using any number of commercial 3rd party add-ons.
> I'm curious to know what Material UI provided that any other open-source UI library did not.
I believe it was some MUI X table features like multi row sorting that we didn't feel like re-implementing. I'm sure there's other open source libs that would do that, but we've settled on MUI and are not going to start mixing different UI libraries for different visual elements if we don't absolutely have to.
Take a look at n8n.io or shuffler.io
.pre-commit-config.yaml – contains the cfn-lint and cfn_nag pre-commit hooks.
I was part of a project that did some analysis of OpenWRT firmware at scale. It was a lot of fun. The firmware is ( obviously ) publicly available. If you're interested in finding some cool results, you should try out FACT:
https://github.com/fkie-cad/FACT_core
It's a super neat tool that does lots of interesting things.
security-automation related posts
- Diving into Starlink's User Terminal Firmware
- Splunk Enterprise Security dashboard that let's you prioritize, track your security automation efforts and sell your wins to management through quantitative metrics
- SOC Malware/Detection lab
- Security Audit Scan
- Automated penetration testing software?
- Kaseya Acquired Vonahi Security
- Endpoint Attack Simulation
-
A note from our sponsor - SaaSHub
www.saashub.com | 29 Apr 2024
Index
What are some of the best open-source security-automation projects? This list will help you:
Project | Stars | |
---|---|---|
1 | vuls | 10,671 |
2 | Wazuh | 9,161 |
3 | Scanners-Box | 7,981 |
4 | gosec | 7,454 |
5 | monkey | 6,483 |
6 | caldera | 5,175 |
7 | faraday | 4,615 |
8 | privatezilla | 3,417 |
9 | django-DefectDojo | 3,399 |
10 | Astra | 2,427 |
11 | dependency-track | 2,329 |
12 | content | 2,082 |
13 | hayabusa | 1,938 |
14 | burpgpt | 1,882 |
15 | bearer | 1,736 |
16 | fixinventory | 1,533 |
17 | hardening | 1,308 |
18 | Sooty | 1,282 |
19 | Shuffle | 1,259 |
20 | cfn_nag | 1,220 |
21 | FACT_core | 1,159 |
22 | cve-bin-tool | 1,071 |
23 | APTRS | 771 |
Sponsored