8 Repos
Scans container images and cloud storage buckets for embedded sensitive information.
Distinguishing note: Focuses on infrastructure artifacts rather than source code.
Explore 8 awesome GitHub repositories matching devops & infrastructure · Infrastructure Scanning. Refine with filters or upvote what's useful.
Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platfor
Searches for secrets within container images and cloud storage buckets.
This project is an open-source intelligence reconnaissance framework and recursive attack surface mapper. It functions as a containerized security scanner designed to map public-facing infrastructure, perform subdomain enumeration, and automate the gathering of open-source intelligence. The system employs a recursive discovery engine to iteratively explore target infrastructure, utilizing a plugin-based module architecture to extend scanning capabilities. It integrates third-party APIs for data enrichment and applies YARA rules across discovered assets to identify specific vulnerability patte
Scans internet infrastructure recursively to discover and index all public-facing assets associated with a target.
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
Scans container images and infrastructure-as-code files to identify security risks before deployment.
Pigsty is a comprehensive database infrastructure orchestration platform designed to automate the full lifecycle of high-availability PostgreSQL clusters. It functions as an infrastructure-as-code framework that manages cluster coordination, node provisioning, and service discovery through idempotent playbooks. By integrating distributed consensus mechanisms, the platform ensures automated failover and consistent state enforcement across diverse environments, including bare metal and virtualized infrastructure. The platform distinguishes itself through a robust suite of operational capabiliti
Patches and updates critical third-party infrastructure components to resolve security vulnerabilities.
Pulse is an AI-driven infrastructure monitoring platform that unifies observation of Docker, Kubernetes, and Proxmox environments. It uses historical baselines and anomaly detection to scan infrastructure for actionable issues, and offers a natural language interface for querying system state. The platform distinguishes itself with agent-based auto-discovery—a single binary automatically detects container and virtualization hosts without manual setup. It supports approval-based remediation workflows, where AI-proposed fix commands are presented to the user and executed only after explicit aut
Automatically scans infrastructure with AI to detect anomalies, predict capacity, and correlate alerts.
Cartography ist ein graphbasiertes Framework zur Infrastrukturvisualisierung und Sicherheitsanalyse. Es erfasst Daten von verschiedenen Cloud-, Identitäts- und Software-as-a-Service-Anbietern, um komplexe Beziehungen zwischen Ressourcen, Benutzern und Sicherheitsergebnissen in einer zentralen Graphdatenbank zu modellieren. Durch die Abbildung dieser Abhängigkeiten ermöglicht die Plattform Unternehmen, Transparenz über ihre Umgebung zu gewinnen und potenzielle Sicherheitsrisiken durch Graph-Traversal-Abfragen zu identifizieren. Die Plattform zeichnet sich durch ihre ontologiebasierte Normalisierung und plattformübergreifende Entitätskorrelation aus, die heterogene Daten aus mehreren Quellen in ein einheitliches, konsistentes Modell überführen. Sie verwendet modulare Ingestions-Pipelines und schema-basierte Filterung, um diesen Graphen zu pflegen und sicherzustellen, dass Infrastrukturdaten durch automatisiertes, zustandsbasiertes Bereinigen veralteter Knoten korrekt bleiben. Dieser Ansatz ermöglicht die Entdeckung komplexer Angriffspfade und Sicherheitsfehlkonfigurationen, die sich über disparate Cloud-, Geräte- und Identitätsmanagementsysteme erstrecken. Über die Kernmodellierung hinaus bietet das System umfangreiche Funktionen für Asset-Inventarisierung, Identitäts-Governance und Software-Supply-Chain-Analyse. Es unterstützt eine breite Palette von Integrationen, einschließlich Cloud-nativer Compute- und Netzwerkressourcen, Endpunkt-Management-Telemetrie und Metadaten des Entwicklungslebenszyklus. Benutzer können die Funktionalität der Plattform erweitern, indem sie benutzerdefinierte Sicherheitsregeln definieren, spezialisierte Datenanalyse-Jobs hinzufügen oder neue Intelligenzquellen über das modulare Framework integrieren. Das Projekt ist in Python implementiert und bietet Dokumentation für die Konfiguration von Ingestionsmodulen und die Definition benutzerdefinierter Graph-Abfragen.
Executes pre-defined queries against graph-stored infrastructure data to identify potential attack surfaces, security gaps, and compliance violations.
Argus is a modular network reconnaissance framework designed for gathering network intelligence, mapping infrastructure, and assessing security postures through automated discovery tasks. It operates as a containerized security toolset that allows for the consistent execution of specialized information-gathering modules across different operating systems. The system functions as an infrastructure audit tool and a web application security scanner, performing tasks such as DNS lookups, port scanning, and the inspection of HTTP headers to detect vulnerabilities. It also serves as a threat intell
Provides automated security assessments of network assets and cloud infrastructure to discover vulnerabilities and exposed credentials.
AI-Infra-Guard is a security scanning platform designed to detect vulnerabilities across large language model deployments, AI agent skills, and the underlying infrastructure. It functions as a security toolset for auditing source code, evaluating model robustness, and identifying insecure network configurations. The project provides a red teaming framework that uses curated attack datasets to test for jailbreak vulnerabilities and prompt injections. It also includes an infrastructure auditor that employs network fingerprinting and asset discovery to match running components against known comm
Performs automated security assessments of network assets and cloud infrastructure supporting AI environments.