Stars
Code signing and transparency for containers and binaries
Vulnerable app with examples showing how to not use secrets
Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
jolokia-exploitation-toolkit
An incremental parsing system for programming tools
Source code of the Coccinelle project (mirror of the main Coccinelle repository located at Inria)
Check CDK applications for best practices using a combination of available rule packs
A fast, low-resource Natural Language Processing and Text Correction library written in Rust.
A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshops to practice on) for learning threat modeling and the initial phases of security review.
Guide to using YubiKey for GnuPG and SSH
A data-type like Either but with an accumulating Applicative
A tool to scan Kubernetes cluster for risky permissions
Hunt for security weaknesses in Kubernetes clusters
Review Access - kubectl plugin to show an access matrix for k8s server resources
A tiny project for generating SnakeYAML deserialization payloads
CIDR country-level IP data, straight from the Regional Internet Registries, updated hourly. This is a read-only mirror.
Automated mass refactoring of source code.
Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.
Manage, monitor and improve your cyber security posture.
Zentral is a high-visibility platform for controlling Apple endpoints in enterprises. It brings great observability to IT and makes tracking & reporting compliance much less manual.
Greenbone Vulnerability Management Docker Image with OpenVAS
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readines…