Skip to content

Commit

Permalink
Merge pull request #21 from Twodragon0/main
Browse files Browse the repository at this point in the history
Add trivy, prowler, gitleaks tool
  • Loading branch information
hahwul authored Oct 27, 2024
2 parents cc2a130 + fd94c1e commit 4fc0e50
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
3 changes: 3 additions & 0 deletions tools/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ Spending a lot of time on applying DevSecOps is searching, comparing, and making
## List of Tool
| Type | Name | Description | Popularity | Language |
| ---------- | :---------- | :----------: | :----------: | :----------: |
| Build/SAST | [Gitleaks](https://github.com/gitleaks/gitleaks) | Gitleaks is a SAST tool for detecting hardcoded secrets like API keys, tokens, and passwords in Git repositories, providing a CLI, GitHub Action, and pre-commit hooks for secret detection. | ![](https://img.shields.io/github/stars/gitleaks/gitleaks) | ![](https://img.shields.io/github/languages/top/gitleaks/gitleaks) |
| Build/SAST | [SonarQube](https://www.sonarqube.org/) | SonarQube is an open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)
| Build/SAST | [codeql](https://github.com/github/codeql) | CodeQL | ![](https://img.shields.io/github/stars/github/codeql) | ![](https://img.shields.io/github/languages/top/github/codeql) |
| Build/SAST | [ggshield](https://github.com/GitGuardian/ggshield) | An open source CLI from GitGuardian to detect 350+ types of hardcoded secrets and 70+ IaC misconfigurations | ![](https://img.shields.io/github/stars/GitGuardian/ggshield) | ![](https://img.shields.io/github/languages/top/GitGuardian/ggshield) |
Expand All @@ -23,6 +24,8 @@ Spending a lot of time on applying DevSecOps is searching, comparing, and making
| Design/THREAT | [threagile](https://github.com/Threagile/threagile) | Agile Threat Modeling Toolkit | ![](https://img.shields.io/github/stars/Threagile/threagile) | ![](https://img.shields.io/github/languages/top/Threagile/threagile) |
| Operate and Monitor/COMPONENT-ANALYSIS | [dependency-track](https://github.com/DependencyTrack/dependency-track) | Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | ![](https://img.shields.io/github/stars/DependencyTrack/dependency-track) | ![](https://img.shields.io/github/languages/top/DependencyTrack/dependency-track) |
| Operate and Monitor/K8S | [kube-hunter](https://github.com/aquasecurity/kube-hunter) | Hunt for security weaknesses in Kubernetes clusters | ![](https://img.shields.io/github/stars/aquasecurity/kube-hunter) | ![](https://img.shields.io/github/languages/top/aquasecurity/kube-hunter) |
| Operate and Monitor/SECURITY-AUDIT | [Prowler](https://github.com/prowler-cloud/prowler) | Prowler is a security tool for AWS, providing over 100 checks for compliance with standards like CIS, GDPR, and HIPAA, and auditing AWS account configurations. | ![](https://img.shields.io/github/stars/prowler-cloud/prowler) | ![](https://img.shields.io/github/languages/top/prowler-cloud/prowler) |
| Operate and Monitor/SECURITY-SCAN | [Trivy](https://github.com/aquasecurity/trivy) | Trivy is an open-source, all-in-one security scanner for container images, file systems, and Git repositories, detecting vulnerabilities and misconfigurations. | ![](https://img.shields.io/github/stars/aquasecurity/trivy) | ![](https://img.shields.io/github/languages/top/aquasecurity/trivy) |
| Test/DAST | [action-baseline](https://github.com/zaproxy/action-baseline) | A GitHub Action for running the OWASP ZAP Baseline scan | ![](https://img.shields.io/github/stars/zaproxy/action-baseline) | ![](https://img.shields.io/github/languages/top/zaproxy/action-baseline) |
| Test/DAST | [action-dalfox](https://github.com/hahwul/action-dalfox) | XSS scanning with Dalfox on Github-action | ![](https://img.shields.io/github/stars/hahwul/action-dalfox) | ![](https://img.shields.io/github/languages/top/hahwul/action-dalfox) |
| Test/DAST | [action-full-scan](https://github.com/zaproxy/action-full-scan) | A GitHub Action for running the OWASP ZAP Full scan | ![](https://img.shields.io/github/stars/zaproxy/action-full-scan) | ![](https://img.shields.io/github/languages/top/zaproxy/action-full-scan) |
Expand Down
15 changes: 15 additions & 0 deletions tools/data.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,21 @@
"Method": "SAST",
"Type": "Build"
},
"Gitleaks": {
"Data": "| Build/SAST | [Gitleaks](https://github.com/gitleaks/gitleaks) | Gitleaks is a SAST tool for detecting hardcoded secrets like API keys, tokens, and passwords in Git repositories, providing a CLI, GitHub Action, and pre-commit hooks for secret detection. | ![](https://img.shields.io/github/stars/gitleaks/gitleaks) | ![](https://img.shields.io/github/languages/top/gitleaks/gitleaks) |",
"Method": "SAST",
"Type": "Build"
},
"Trivy": {
"Data": "| Operate and Monitor/SECURITY-SCAN | [Trivy](https://github.com/aquasecurity/trivy) | Trivy is an open-source, all-in-one security scanner for container images, file systems, and Git repositories, detecting vulnerabilities and misconfigurations. | ![](https://img.shields.io/github/stars/aquasecurity/trivy) | ![](https://img.shields.io/github/languages/top/aquasecurity/trivy) |",
"Method": "SECURITY-SCAN",
"Type": "Operate and Monitor"
},
"Prowler": {
"Data": "| Operate and Monitor/SECURITY-AUDIT | [Prowler](https://github.com/prowler-cloud/prowler) | Prowler is a security tool for AWS, providing over 100 checks for compliance with standards like CIS, GDPR, and HIPAA, and auditing AWS account configurations. | ![](https://img.shields.io/github/stars/prowler-cloud/prowler) | ![](https://img.shields.io/github/languages/top/prowler-cloud/prowler) |",
"Method": "SECURITY-AUDIT",
"Type": "Operate and Monitor"
},
"action-baseline": {
"Data": "| Test/DAST | [action-baseline](https://github.com/zaproxy/action-baseline) | A GitHub Action for running the OWASP ZAP Baseline scan | ![](https://img.shields.io/github/stars/zaproxy/action-baseline) | ![](https://img.shields.io/github/languages/top/zaproxy/action-baseline) |",
"Method": "DAST",
Expand Down

0 comments on commit 4fc0e50

Please sign in to comment.