5 Repos
Automated checks that block CI/CD pipelines based on security criteria.
Distinguishing note: Focuses on policy enforcement as a pipeline gate.
Explore 5 awesome GitHub repositories matching devops & infrastructure · Security Gates. Refine with filters or upvote what's useful.
ECC ist ein LLM-Agenten-Orchestrierungs-Framework und eine plattformübergreifende KI-Tool-Suite, die darauf ausgelegt ist, Multi-Modell-Workflows zu koordinieren. Es bietet ein System zur Verwaltung spezialisierter Agentenrollen, wiederverwendbarer Fähigkeiten und strukturierter Planung, um komplexe Softwareentwicklungsaufgaben über verschiedene KI-gestützte Code-Editoren hinweg auszuführen. Das Projekt zeichnet sich als Model Context Protocol Manager aus und bietet eine Konfigurationsschicht zur Integration externer Server und zur Prüfung der Tool-Ausführung. Es implementiert zudem eine agentische Sicherheits-Sandbox, die den Zugriff auf sensible Dateien einschränkt und auf Geheimnislecks scannt, um autonome Workflows zu sichern. Das Framework deckt breite Fähigkeitsbereiche ab, einschließlich der Automatisierung von KI-Coding-Workflows mit Leitplanken für testgetriebene Entwicklung, Modellkostenoptimierung durch intelligentes Routing und zustandsisoliertes Speichermanagement. Es enthält zudem Tools zur Durchsetzung sprachspezifischer Codierungsstandards und zur Verwaltung von Agentenverhalten über verschiedene integrierte Entwicklungsumgebungen hinweg. Das System wird über eine Befehlszeilenschnittstelle verwaltet, die die Tool-Installation, Konfigurationsreparatur und die Bereitstellung von Tool-Presets handhabt.
Gates destructive shell commands and scans for supply-chain vulnerabilities and secret leaks.
Gitleaks is a security scanning engine designed to identify hardcoded credentials, API keys, and other sensitive information within version control systems and local file structures. It functions as a static analysis tool that automates the detection of secrets, helping to prevent the accidental exposure of sensitive data during the development lifecycle. The tool distinguishes itself through its ability to perform deep forensic analysis of git history, allowing users to audit entire project timelines or enforce security gates within continuous integration pipelines. It supports complex detec
Prevents the introduction of sensitive information into codebases by enforcing security policies during development.
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
Blocks CI/CD pipelines based on security criteria and policy requirements.
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Fails builds when tests detect vulnerabilities in open source, code, infrastructure-as-code, or containers.
Flox is a Nix environment manager designed to create, share, and maintain reproducible software stacks. It uses declarative manifests to isolate project dependencies and toolchains, ensuring identical runtimes across different machines and operating systems. The platform distinguishes itself by enabling the deployment of imageless workloads to Kubernetes, allowing software to run in pods without traditional container images. It can also synthesize OCI-compliant container images and distroless artifacts directly from declarative environment definitions. The project covers broad capability are
Blocks unauthorized software by rejecting any environment hash not present in a validated catalog.