awesome-repositories.com
المدونة
awesome-repositories.com

اكتشف أفضل مستودعات المصادر المفتوحة باستخدام بحث مدعوم بالذكاء الاصطناعي.

استكشفعمليات بحث منسقةOpen-source alternativesSelf-hosted softwareالمدونةخريطة الموقع
المشروعحولHow we rankالصحافةخادم MCP
قانونيالخصوصيةالشروط
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

14 مستودعات

Awesome GitHub RepositoriesInfrastructure as Code Security

Security scanning for infrastructure configuration files.

Distinguishing note: Focuses on automated configuration analysis.

Explore 14 awesome GitHub repositories matching security & cryptography · Infrastructure as Code Security. Refine with filters or upvote what's useful.

Awesome Infrastructure as Code Security GitHub Repositories

اعثر على أفضل المستودعات باستخدام الذكاء الاصطناعي.سنبحث عن أفضل المستودعات المطابقة باستخدام الذكاء الاصطناعي.
  • owasp/cheatsheetseriesالصورة الرمزية لـ OWASP

    OWASP/CheatSheetSeries

    32,298عرض على GitHub↗

    The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral

    Scans configuration files to protect cloud environments from misconfigurations.

    Pythonapplication-securityappsecbest-practices
    عرض على GitHub↗32,298
  • projectdiscovery/subfinderالصورة الرمزية لـ projectdiscovery

    projectdiscovery/subfinder

    13,105عرض على GitHub↗

    Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc

    Identifies security findings such as dangling DNS records or exposed origin IP addresses during asset enumeration.

    Gobugbountyhackinghacktoberfest
    عرض على GitHub↗13,105
  • kubescape/kubescapeالصورة الرمزية لـ kubescape

    kubescape/kubescape

    11,489عرض على GitHub↗

    Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor. The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo

    Performs automated security scanning of infrastructure configuration files and manifests.

    Gobest-practicedevopskubernetes
    عرض على GitHub↗11,489
  • armosec/kubescapeالصورة الرمزية لـ armosec

    armosec/kubescape

    11,482عرض على GitHub↗

    Kubescape is a security platform for Kubernetes that provides tools for scanning clusters, configurations, and container images against industry compliance and security benchmarks. It functions as a suite of security utilities, including a compliance auditor, a misconfiguration scanner, and a container vulnerability scanner. The project differentiates itself through automated remediation and active enforcement. It can automatically patch operating system vulnerabilities in images and fix security errors within manifest files. It also utilizes an admission controller to block the deployment of

    Analyzes Kubernetes manifests and cluster states to identify and remediate security risks and misconfigurations.

    Go
    عرض على GitHub↗11,482
  • sullo/niktoالصورة الرمزية لـ sullo

    sullo/nikto

    10,104عرض على GitHub↗

    Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses. The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations. The scanner covers broad capability are

    Identifies insecure server options and configuration errors that could expose the system to attack.

    Perl
    عرض على GitHub↗10,104
  • bridgecrewio/checkovالصورة الرمزية لـ bridgecrewio

    bridgecrewio/checkov

    8,798عرض على GitHub↗

    Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security

    Provides automated security scanning for infrastructure configuration files across various cloud providers.

    Python
    عرض على GitHub↗8,798
  • aquasecurity/tfsecالصورة الرمزية لـ aquasecurity

    aquasecurity/tfsec

    7,013عرض على GitHub↗

    tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt

    Provides automated security scanning and misconfiguration detection for infrastructure-as-code configuration files.

    Go
    عرض على GitHub↗7,013
  • tfsec/tfsecالصورة الرمزية لـ tfsec

    tfsec/tfsec

    7,013عرض على GitHub↗

    tfsec is a static analysis tool and security scanner for infrastructure as code, specifically designed to detect misconfigurations and compliance violations in Terraform and cloud infrastructure definitions before deployment. It functions as a cloud security policy engine that identifies vulnerabilities across multiple cloud platforms. The tool provides capabilities for cloud compliance auditing and scanning of Cloud Development Kit code. It supports custom security policy enforcement and allows for the definition of organization-specific security requirements. The scanner includes features

    Scans Terraform and cloud configuration files to identify security misconfigurations before deployment.

    Go
    عرض على GitHub↗7,013
  • liamg/tfsecالصورة الرمزية لـ liamg

    liamg/tfsec

    7,013عرض على GitHub↗

    tfsec is a static analysis tool and security scanner for Terraform configuration files. It functions as an infrastructure as code security scanner and compliance linter designed to detect misconfigurations and vulnerabilities across multiple cloud providers before resources are deployed. The tool identifies security risks by analyzing infrastructure code and variable files to evaluate the final state of the environment. It supports custom policy enforcement and allows for the suppression of specific security warnings through inline comments. Its capabilities cover cloud security posture mana

    Performs automated security scanning of infrastructure configuration files to ensure compliance.

    Go
    عرض على GitHub↗7,013
  • capitalone/cloud-custodianالصورة الرمزية لـ capitalone

    capitalone/cloud-custodian

    6,016عرض على GitHub↗

    Cloud Custodian هو محرك حوكمة متعدد السحابة وأداة لإنفاذ السياسات مصممة لأتمتة الأمان والامتثال وتحسين التكلفة عبر مزودي السحابة المختلفين. يعمل كمحرك قواعد يستخدم لغة مجال تعريفية للاستعلام عن موارد السحابة وتنفيذ إجراءات تصحيحية بناءً على فلاتر محددة مسبقاً. يعمل النظام كمنسق سياسات بدون خادم، حيث ينشر وظائف خاصة بالمزود لتشغيل الإنفاذ في الوقت الفعلي استجابة لتغييرات موارد السحابة. يوفر تجريداً للموارد محايداً للمزود للحفاظ على سياسات تشغيلية متسقة عبر حسابات واشتراكات ومشاريع متعددة. تغطي قدراته تدقيق البنية التحتية السحابية، بما في ذلك تحليل الأصول داخل خطوط أنابيب التكامل المستمر وإنشاء تقارير الامتثال. تدعم الأداة أيضاً تحسين التكلفة لتحديد وإزالة الموارد غير المستخدمة وتتضمن وضع محاكاة لتحديد الموارد المتأثرة دون تطبيق تغييرات فعلية.

    Performs security scanning on infrastructure configuration files within development and CI pipelines.

    Python
    عرض على GitHub↗6,016
  • projectdiscovery/naabuالصورة الرمزية لـ projectdiscovery

    projectdiscovery/naabu

    5,766عرض على GitHub↗

    Naabu is a port scanner library and tool that probes hosts for open ports using SYN, CONNECT, and UDP methods to identify active services. It functions as a Go library for embedding port scanning into programs, and as a standalone tool that accepts targets as hostnames, IP addresses, CIDR ranges, or ASN numbers. The tool discovers live hosts before scanning, filters ports by range or top lists, and can integrate with Nmap for service version detection. The project distinguishes itself through its SYN-based port probing approach that sends TCP SYN packets and analyzes responses without complet

    Retrieves infrastructure misconfiguration findings such as dangling DNS and origin IP exposure.

    Gocdn-exclusionhacktoberfestnmap
    عرض على GitHub↗5,766
  • snyk/snykالصورة الرمزية لـ snyk

    snyk/snyk

    5,586عرض على GitHub↗

    Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc

    Scans configuration files and container images to detect security misconfigurations and vulnerabilities before deployment to production environments.

    TypeScript
    عرض على GitHub↗5,586
  • tenable/terrascanالصورة الرمزية لـ tenable

    tenable/terrascan

    5,210عرض على GitHub↗

    Terrascan هي أداة تحليل ثابت مصممة لتقييم ملفات تكوين البنية التحتية ككود بحثاً عن ثغرات أمنية وانتهاكات الامتثال. من خلال تحليل هذه الملفات إلى تمثيل وسيط، تحدد المخاطر قبل توفير موارد السحابة، وتعمل كمدقق امتثال للبيئات السحابية الأصلية. تعمل الأداة كمحرك سياسة ككود، مما يسمح للمستخدمين بتعريف وإنفاذ قواعد أمان مخصصة ومعايير الصناعة باستخدام لغة استعلام متخصصة. تتميز بقدرتها على التكامل مباشرة في سير عمل التطوير والنشر، مما يوفر حواجز أمان آلية يمكنها حظر عمليات النشر غير المتوافقة عبر التقارير القائمة على كود الخروج. بعيداً عن التحليل الثابت، تدعم المنصة مسح ثغرات سجل الحاويات لربط المخاطر القائمة على الصور بتكوينات البنية التحتية. كما توفر مراقبة انحراف التكوين لتتبع الموارد الموفرة مقابل خطوط أساس الأمان المعمول بها، إلى جانب آليات قمع مدفوعة بالتكوين لإدارة تجاوزات السياسة والإيجابيات الكاذبة. يوفر البرنامج كلاً من واجهة سطر أوامر للتحقق من التطوير المحلي وواجهة برمجة تطبيقات مسح يمكن الوصول إليها عبر الشبكة للتكامل عن بُعد مع أنظمة الطرف الثالث وخطوط الأنابيب الآلية.

    Scans infrastructure-as-code files for security vulnerabilities and misconfigurations before provisioning.

    Go
    عرض على GitHub↗5,210
  • fairwindsops/rbac-managerالصورة الرمزية لـ FairwindsOps

    FairwindsOps/rbac-manager

    1,654عرض على GitHub↗

    RBAC Manager is a Kubernetes operator that automates the management of role-based access control and service account permissions. It functions as a controller that synchronizes cluster authorization resources with user-defined configuration files, ensuring that security settings remain consistent with established requirements. The system operates by monitoring the cluster API for changes and reconciling the current state against declarative manifests. By treating authorization as infrastructure as code, it enables teams to manage permissions through version-controlled files rather than manual

    Automates the deployment of security policies and role bindings as infrastructure-as-code.

    Goauthorizationclustercrd
    عرض على GitHub↗1,654
  1. Home
  2. Security & Cryptography
  3. Infrastructure as Code Security

استكشف الوسوم الفرعية

  • Infrastructure Misconfiguration DetectorsTools that identify dangling DNS records, exposed origin IPs, and other infrastructure-level security weaknesses. **Distinct from Infrastructure as Code Security:** Distinct from general IaC security: focuses on live infrastructure discovery and runtime misconfiguration detection rather than static file analysis.