5 repositorios
Automated checks that block CI/CD pipelines based on security criteria.
Distinguishing note: Focuses on policy enforcement as a pipeline gate.
Explore 5 awesome GitHub repositories matching devops & infrastructure · Security Gates. Refine with filters or upvote what's useful.
ECC es un framework de orquestación de agentes LLM y una suite de herramientas de IA multiplataforma diseñada para coordinar flujos de trabajo de múltiples modelos. Proporciona un sistema para gestionar roles de agentes especializados, habilidades reutilizables y planificación estructurada para ejecutar tareas complejas de desarrollo de software a través de diferentes editores de código impulsados por IA. El proyecto se distingue como un gestor de Protocolo de Contexto de Modelo, proporcionando una capa de configuración para integrar servidores externos y auditar la ejecución de herramientas. Además, implementa un sandbox de seguridad agentic que restringe el acceso a archivos confidenciales y escanea en busca de fugas de secretos para asegurar flujos de trabajo autónomos. El framework cubre amplias áreas de capacidad, incluyendo la automatización del flujo de trabajo de codificación de IA con barandillas de desarrollo impulsado por pruebas, optimización de costos de modelos a través de enrutamiento inteligente y gestión de memoria con estado aislado. También incluye herramientas para hacer cumplir los estándares de codificación específicos del lenguaje y gestionar los comportamientos de los agentes a través de varios entornos de desarrollo integrados. El sistema se gestiona a través de una interfaz de línea de comandos que maneja la instalación de herramientas, la reparación de configuración y la implementación de preajustes de herramientas.
Gates destructive shell commands and scans for supply-chain vulnerabilities and secret leaks.
Gitleaks is a security scanning engine designed to identify hardcoded credentials, API keys, and other sensitive information within version control systems and local file structures. It functions as a static analysis tool that automates the detection of secrets, helping to prevent the accidental exposure of sensitive data during the development lifecycle. The tool distinguishes itself through its ability to perform deep forensic analysis of git history, allowing users to audit entire project timelines or enforce security gates within continuous integration pipelines. It supports complex detec
Prevents the introduction of sensitive information into codebases by enforcing security policies during development.
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
Blocks CI/CD pipelines based on security criteria and policy requirements.
The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f
Fails builds when tests detect vulnerabilities in open source, code, infrastructure-as-code, or containers.
Flox is a Nix environment manager designed to create, share, and maintain reproducible software stacks. It uses declarative manifests to isolate project dependencies and toolchains, ensuring identical runtimes across different machines and operating systems. The platform distinguishes itself by enabling the deployment of imageless workloads to Kubernetes, allowing software to run in pods without traditional container images. It can also synthesize OCI-compliant container images and distroless artifacts directly from declarative environment definitions. The project covers broad capability are
Blocks unauthorized software by rejecting any environment hash not present in a validated catalog.