🚨 Security
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
The most scalable and customizable permission server on the market. Fix your slow or broken permission system with Google's proven "Zanzibar" approach. Supports ACL, RBAC, and more. Written in Go, …
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
A reading list for software supply-chain security.
eBPF-based Security Observability and Runtime Enforcement
Example recipes for Kubernetes Network Policies that you can just copy-paste
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…
Tools and runtime for launching unmodified container images in Trusted Execution Environments
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
The SBOM tool is a highly scalable and enterprise-ready tool to create SPDX 2.2 compatible SBOMs for a wide variety of artifacts.
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Constellation is a Kubernetes distribution for confidential computing, securing entire clusters on untrusted infrastructure. Constellation is in maintenance mode. New development continues in Contr…
All-in-one Kubernetes access manager. User-level credentials, RBAC, SSO, audit logs.
Operator to deploy confidential containers runtime
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-…
GUAC aggregates software security metadata into a high fidelity graph database.
OpenSSF Scorecard - Security health metrics for Open Source
Official GitHub Action for OpenSSF Scorecard.
Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign
Pinniped is the easy, secure way to log in to your Kubernetes clusters.
The immutable Linux meta-distribution for edge Kubernetes.
Language-agnostic SLSA provenance generation for GitHub Actions