8 रिपॉजिटरी
Integrations for enforcing security reviews and automated vulnerability scanning within deployment workflows.
Distinguishing note: Focuses on security-as-code within CI/CD pipelines rather than general infrastructure hardening.
Explore 8 awesome GitHub repositories matching devops & infrastructure · Pipeline Security. Refine with filters or upvote what's useful.
Context7 is an AI-powered documentation retrieval engine designed to provide developers and AI agents with real-time, context-aware access to technical documentation and code snippets. By integrating external library documentation as callable tools, the platform equips AI coding assistants with project-specific knowledge, helping to improve generation accuracy and reduce hallucinations during inference. The platform distinguishes itself through a robust security and governance framework that manages documentation as a centralized knowledge base. It employs a multi-source ingestion pipeline to
Ensures software integrity by integrating security code reviews and automated dependency scanning into deployment pipelines.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Protects automated build and deployment pipelines from unauthorized access and malicious code injection.
Strix is an automated security research and vulnerability scanning platform that leverages language models to orchestrate complex security analysis tasks. It functions as a comprehensive framework for penetration testing and continuous security integration, allowing users to embed automated vulnerability research directly into development pipelines or execute it within isolated, containerized environments. The platform distinguishes itself through a multi-agent orchestration engine that coordinates specialized autonomous agents to perform parallel security assessments. By integrating LLM-agno
Blocks vulnerable code from reaching production by running automated security tests within CI/CD workflows.
OWASP ZAP is a dynamic application security testing tool and intercepting HTTP proxy used to find vulnerabilities in web applications. It functions as a penetration testing framework that enables both automated security scanning and manual security testing of running web services. The tool provides a suite of capabilities for analyzing web applications from the outside in, including the ability to capture and modify traffic between a browser and a target application. It is designed to integrate into DevSecOps pipelines to provide consistent security checks across different environments.
Integrates automated vulnerability scanning directly into CI/CD deployment workflows.
Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity. The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of conf
Integrates automated security scanning into CI/CD pipelines to detect and block misconfigurations before deployment.
Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security. The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sourc
Facilitates automated security checks and oversight by exporting scan results for integration into continuous integration workflows.
Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc
Enforces security reviews and automated vulnerability scanning within deployment workflows.
This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws. The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in dep
Provides a framework for hardening infrastructure and enforcing separation of duties within the build pipeline.