# Cloud Security Configuration Auditors > Search results for `audit cloud accounts for security misconfigurations` on awesome-repositories.com. 113 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/audit-cloud-accounts-for-security-misconfigurations **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/audit-cloud-accounts-for-security-misconfigurations).** ## Results - [aws/aws-cdk](https://awesome-repositories.com/repository/aws-aws-cdk.md) (12,817 ⭐) — The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It employs a language-agnostic intermediate representation to synthesize these definitions into platform-specific configurations, while supporting aspect-oriented policy injection to apply security and compliance rules across infrastructure definitions during the synthesis phase. Beyond core provisioning, the project provides a modular component registry for distributing and reusing pre-configured infrastructure building blocks. It supports multi-account orchestration, allowing for the deployment of consistent resource sets across different regions and accounts from a single template, and includes capabilities for detecting infrastructure drift to ensure deployed environments remain aligned with their defined state. The project is distributed as a software development kit, providing programmatic interfaces to manage the full lifecycle of cloud resources and integrate infrastructure definitions directly into application codebases. - [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations against compliance standards and relies on a remote, periodically updated vulnerability database to maintain current detection logic without requiring binary updates. By employing static analysis pattern matching, it maps disparate scan results into a unified output schema for consistent reporting. Beyond its core scanning capabilities, the project supports cloud infrastructure auditing and deep inspection of local and remote environments. It is distributed as a single cross-platform executable, and comprehensive configuration and usage details are available in the project's official user guide. - [prowler-cloud/prowler](https://awesome-repositories.com/repository/prowler-cloud-prowler.md) (13,049 ⭐) — Prowler is an automated cloud infrastructure security scanner and posture management tool. It evaluates cloud environments and infrastructure-as-code templates against security benchmarks to identify misconfigurations, vulnerabilities, and compliance gaps that could compromise system integrity. The platform distinguishes itself through graph-based attack path analysis, which identifies chains of misconfigurations that create exploitable routes for unauthorized access. It utilizes a plugin-based execution model to perform state-based assessments of live environments and static analysis of configuration files, ensuring security coverage across the entire development lifecycle. The tool provides comprehensive capabilities for continuous security integration, allowing teams to automate compliance reporting by mapping findings to regulatory frameworks. It supports risk prioritization and provides actionable remediation guidance, while enabling the integration of security data into external incident management and monitoring systems through automated reporting pipelines. - [fallibleinc/security-guide-for-developers](https://awesome-repositories.com/repository/fallibleinc-security-guide-for-developers.md) (21,090 ⭐) — This project is a web application security guide and developer training resource. It serves as a secure coding framework and vulnerability remediation manual, providing software engineers with the tools to identify, prioritize, and fix common security holes across different application layers. The resource utilizes a structured verification framework and security audit checklists to systematically find vulnerabilities. It features a technical reference that maps specific security flaws to step-by-step instructions for remediation, supported by vulnerability statistics to help determine which defense efforts require the most urgent priority. The guide covers core security fundamentals including authentication, authorization, data sanitization, cryptography, and session management. It organizes these concepts into a modular instructional design to facilitate targeted learning and the implementation of secure coding practices. - [cisofy/lynis](https://awesome-repositories.com/repository/cisofy-lynis.md) (15,284 ⭐) — Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses. The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom audit profiles to standardize security policies across diverse environments, while the plugin-driven extensibility allows for the development of specialized security checks tailored to unique infrastructure requirements. This flexibility enables the tool to operate in non-interactive batch modes, facilitating integration into automated scheduling and continuous monitoring workflows. Beyond core auditing, the framework supports enterprise-wide security management by aggregating data from multiple hosts into centralized reports. It provides capabilities for tracking system integrity, enforcing compliance baselines, and prioritizing hardening tasks based on risk assessments. The system also supports structured data serialization, allowing audit findings to be exported for external analysis and visualization. - [addyosmani/agent-skills](https://awesome-repositories.com/repository/addyosmani-agent-skills.md) (60,849 ⭐) — Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists. The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated code meets production standards. The system covers a broad range of engineering capabilities, including technical specification automation, multi-axis code reviews, and test-driven development. It also provides frameworks for context management, security auditing, and the orchestration of parallel agent tasks to synthesize findings into consolidated reports. These skills are implemented as standardized instructions and commands that can be loaded into an agent via auto-discovery or explicit installation. - [davila7/claude-code-templates](https://awesome-repositories.com/repository/davila7-claude-code-templates.md) (20,933 ⭐) — Claude Code Templates is a comprehensive framework for orchestrating specialized AI agents and automating development workflows within local environments. It provides a structured system for defining, configuring, and deploying AI personas that handle specific technical tasks, ranging from backend architecture and frontend implementation to security auditing and infrastructure management. The project distinguishes itself through a configuration-driven approach that allows teams to standardize development environments and share reusable agent definitions across projects. It includes a robust CLI toolkit for managing the entire agent lifecycle, from discovery and installation to execution and performance monitoring. By utilizing standardized protocols and modular function definitions, it enables seamless integration of external services and local tools into the assistant's capabilities. Beyond core agent management, the platform offers extensive support for workflow automation, including event-driven hooks, custom slash commands, and automated testing pipelines. It incorporates security-focused features such as granular permission enforcement, sandbox execution environments, and automated secret scanning to ensure safe operation. The system also provides observability tools, including real-time dashboards for tracking agent performance, token usage, and conversation history. - [qianniuspace/mcp-security-audit](https://awesome-repositories.com/repository/qianniuspace-mcp-security-audit.md) (53 ⭐) — A powerful MCP (Model Context Protocol) Server that audits npm package dependencies for security vulnerabilities. Built with remote npm registry integration for real-time security checks. - [clickhouse/clickhouse](https://awesome-repositories.com/repository/clickhouse-clickhouse.md) (48,229 ⭐) — ClickHouse is a high-performance, columnar analytical database designed for real-time query execution and large-scale data aggregation. It functions as a distributed data warehouse capable of processing petabytes of information, while also providing an embedded engine that integrates directly into applications for native query capabilities without external dependencies. The system is built to handle high-throughput ingestion and complex analytical workloads, delivering millisecond-level latency for interactive dashboards and operational monitoring. The platform distinguishes itself through advanced storage and execution techniques, including vectorized query processing and a merge tree storage engine that maintains performance during massive insertions. It features adaptive subcolumn mapping for semi-structured data and supports native vector search for machine learning and generative AI applications. To facilitate efficient data movement, the engine utilizes zero-copy shared memory buffers, minimizing overhead when interacting with external analytical tools or processing diverse file formats like Parquet, JSON, and Arrow. Beyond its core storage and processing capabilities, the project provides a comprehensive suite of tools for observability, security, and data integration. It includes built-in support for natural language querying, automated workflow orchestration for AI agents, and extensive diagnostic features for query plan inspection. The platform also offers robust cloud infrastructure management, including support for private networking, compliant deployment strategies, and integrated billing consolidation. - [toniblyx/prowler](https://awesome-repositories.com/repository/toniblyx-prowler.md) (14,005 ⭐) — Prowler is a multi-cloud security scanner and security posture management tool. It automates security and compliance assessments across multiple cloud environments to identify misconfigurations and vulnerabilities. The project provides a multi-cloud security analysis engine that operates as an automated auditor, evaluating infrastructure against industry-standard regulatory frameworks and security benchmarks. It features a cloud security visualization dashboard that uses a graph database to map cloud inventory and visualize potential attack paths. Capabilities include automated cloud infrastructure scanning, regulatory compliance verification, and weighted risk prioritization to rank security findings. The system also supports multi-account orchestration and provides a software development kit for building custom security tooling. The tool integrates into development workflows through programmatic interfaces for triggering scans and standardized file exports for pipeline integration. - [nccgroup/scoutsuite](https://awesome-repositories.com/repository/nccgroup-scoutsuite.md) (7,548 ⭐) — ScoutSuite is a multi-cloud security audit and configuration tool designed to identify security risks and misconfigurations across cloud environments. It functions as a security posture manager and compliance auditor, gathering resource metadata from cloud APIs to evaluate infrastructure against security benchmarks. The tool provides auditing capabilities for AWS, Google Cloud, DigitalOcean, and Kubernetes clusters and control planes. It distinguishes itself by decoupling data collection from analysis, allowing users to cache cloud configurations locally for offline auditing and iterative rule testing without repeated API calls. The system employs a JSON-based rule engine that supports custom security rule definitions, parameterized checks, and the suppression of specific findings. It manages authentication through credential files, managed identities, and temporary role assumptions, while generating visual security posture assessments via HTML reports and JSON exports. The tool can be executed within a pre-configured container environment containing all necessary dependencies. - [cube-js/cube](https://awesome-repositories.com/repository/cube-js-cube.md) (20,251 ⭐) — Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools. The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orchestrates these interactions by mapping questions to the underlying semantic model, ensuring that AI-generated insights remain accurate and context-aware. Furthermore, Cube is designed for multi-tenant environments, offering robust infrastructure isolation, row-level security, and dynamic context injection to ensure that data access is strictly governed and personalized for every user or tenant. Beyond its core modeling and AI features, the platform includes a comprehensive suite of tools for performance optimization, including automated pre-aggregation caching and asynchronous query queuing. It supports a wide range of data sources and deployment models, from self-hosted containers to managed cloud environments. The system also provides extensive programmatic control over report management, dashboard publishing, and user identity synchronization, making it suitable for embedding interactive analytics directly into custom software applications. - [gebalamariusz/cloud-audit](https://awesome-repositories.com/repository/gebalamariusz-cloud-audit.md) (60 ⭐) — Fast, opinionated AWS security scanner. Curated checks. Zero noise. Copy-paste fixes. - [harisekhon/devops-bash-tools](https://awesome-repositories.com/repository/harisekhon-devops-bash-tools.md) (8,062 ⭐) — DevOps-Bash-tools is a collection of shell scripts and aliases designed to automate cloud infrastructure, container orchestration, and CI/CD pipelines. It provides a comprehensive toolset for managing operational workflows through the command line. The project specializes in automating tasks across multiple platforms, including managing namespaces and secrets in Kubernetes, auditing resources in AWS and GCP, and triggering builds or managing environment variables in GitHub Actions, GitLab CI, and CircleCI. It also includes a toolkit for interacting with container registries to query manifests and optimize image sizes, as well as utilities for batch processing Git repositories and enforcing commit standards. Beyond cloud and pipeline management, the toolset covers a broad range of capabilities including system administration, development environment setup, and security auditing for identity permissions and secret leakage. It also provides utilities for media manipulation, data processing, and the automation of language runtime installations. - [chatwoot/chatwoot](https://awesome-repositories.com/repository/chatwoot-chatwoot.md) (31,959 ⭐) — Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact. The platform distinguishes itself through an event-driven automation engine and a visual rule builder that allow teams to manage conversations and workflows without writing custom code. It incorporates intelligent features such as automated response drafting, conversation context recall, and a self-service knowledge base to improve agent efficiency. These capabilities are supported by granular role-based access controls and comprehensive performance analytics, which provide insights into agent productivity, inbox activity, and customer satisfaction trends. Beyond its core messaging and routing functions, the system offers a broad suite of operational tools including proactive engagement triggers, team workload balancing, and multilingual support. It supports flexible deployment strategies, including containerized and cloud-native orchestration, to accommodate various production environments. The platform is designed for extensibility, allowing for custom attribute management and integration with external systems via webhooks and API-based channels. - [redskycyber/cloud-security](https://awesome-repositories.com/repository/redskycyber-cloud-security.md) (301 ⭐) — This Repo serves as a collection of shared security and penetration testing resources for the cloud. - [elastic/elasticsearch](https://awesome-repositories.com/repository/elastic-elasticsearch.md) (77,012 ⭐) — Elasticsearch is a distributed search engine and document store designed for the high-performance indexing and retrieval of massive volumes of unstructured data. It functions as a centralized analytics platform, providing a schema-flexible architecture that organizes information into searchable indices while maintaining global cluster state through a distributed consensus mechanism. The platform distinguishes itself through its integrated approach to observability, security, and advanced analytics. It combines full-text, vector, and hybrid search capabilities with machine learning-driven insights, allowing users to perform complex statistical aggregations, geospatial analysis, and automated anomaly detection. Its storage architecture supports multi-tier data lifecycles, enabling efficient data placement across hot, warm, and cold nodes to balance performance with long-term retention requirements. Beyond core search and storage, the system provides comprehensive observability tools for centralized log analysis, application performance monitoring, and infrastructure health diagnostics. It includes built-in security operations for threat detection and endpoint protection, all managed through a unified RESTful API gateway. The system is accessible via standardized REST APIs for cluster management, data ingestion, and query execution. Extensive documentation is available to guide users through API references for search, indexing, security, and cluster administration. - [pulumi/pulumi](https://awesome-repositories.com/repository/pulumi-pulumi.md) (24,797 ⭐) — Pulumi is an infrastructure-as-code framework that enables the definition, deployment, and management of cloud resources using general-purpose programming languages. It functions as a cloud resource orchestrator that coordinates the lifecycle of heterogeneous infrastructure by executing code to construct dependency graphs and reconciling the desired state against actual cloud environments. The platform distinguishes itself through a language-host runtime bridge that allows developers to use standard programming languages to define infrastructure, rather than relying solely on domain-specific configuration formats. It utilizes a provider-based plugin architecture to interface with cloud APIs and incorporates a policy-as-code engine that validates infrastructure definitions against security and compliance rules during the deployment preview phase. The project covers a broad capability surface including multi-cloud orchestration, automated state management, and drift detection. It supports complex deployment workflows through stack-based environment isolation, programmatic secret injection, and integration with continuous delivery pipelines. These features allow for the governance of infrastructure across diverse environments while maintaining consistency through version-controlled code. The platform provides extensive documentation and a command-line interface to facilitate project initialization, infrastructure import, and deployment monitoring. It supports a wide range of cloud providers and container orchestration platforms, enabling teams to build self-service infrastructure portals and automate resource provisioning through standardized, reusable components. - [0xnazgul/blockchain-security-audit-list](https://awesome-repositories.com/repository/0xnazgul-blockchain-security-audit-list.md) (0 ⭐) — A list of Blockchain Security audit companies, solo auditors and where to find all their public audits. - [boto/boto3](https://awesome-repositories.com/repository/boto-boto3.md) (9,834 ⭐) — Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and containerized applications within the cloud ecosystem. The toolkit covers a broad range of operational capabilities, including generative AI orchestration, identity and access control, and detailed cloud resource monitoring. It further extends to data lifecycle management, including automated backups and migrations, as well as comprehensive billing and cost optimization tools. - [accounts-js/accounts](https://awesome-repositories.com/repository/accounts-js-accounts.md) (0 ⭐) — Fullstack authentication and accounts-management for GraphQL and REST. - [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management. The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party services, databases, and external APIs through standardized interfaces. Developers can manage and automate the configuration of these backend resources using infrastructure-as-code tools, while granular role-based access control enforces security policies across all platform resources and API endpoints. Beyond its core services, the platform offers a broad capability surface that includes cross-platform data synchronization, event-driven webhooks, and comprehensive billing and usage monitoring. It supports extensive integrations for AI utilities, payment processing, messaging, and logging, allowing developers to extend application functionality through modular, event-driven workflows. The platform is designed for both managed and self-hosted deployments, providing tools for production environment optimization, data migration, and custom domain configuration. - [chainsulting/smart-contract-security-audits](https://awesome-repositories.com/repository/chainsulting-smart-contract-security-audits.md) (0 ⭐) — Smart Contract Audits (Ethereum, Hyperledger, EOS, Tezos) by a reputable company are an essential part of any smart contract development. While the rise of blockchain presents a unique opportunity to create smart contracts for digital assets, such as Utility or Security token. Smart Contract… - [daytonaio/daytona](https://awesome-repositories.com/repository/daytonaio-daytona.md) (72,416 ⭐) — Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance. The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed across local machines, cloud services, or self-managed clusters. It incorporates multi-tenant resource governance to enforce organizational security policies and access controls, alongside event-driven automation that triggers workflows based on infrastructure changes. Furthermore, it enables secure remote connectivity, allowing developers to interact with isolated sandboxes through authenticated tunnels and remote IDE integration. Beyond core orchestration, the platform supports a wide range of development tasks, including integrated terminal access, file system management, and persistent storage mounting. It provides comprehensive observability tools for auditing system activity, monitoring resource consumption, and capturing visual session data. The platform also facilitates advanced automation through programmatic API access, enabling the integration of AI agents and custom workflows directly within the isolated execution environments. The project is implemented in TypeScript and provides a command-line interface and RESTful API for programmatic control over environment lifecycles and infrastructure settings. - [dokploy/dokploy](https://awesome-repositories.com/repository/dokploy-dokploy.md) (34,901 ⭐) — Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool. The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It supports complex orchestration by allowing users to define multi-container services using standard configuration files, which can be managed through automated build pipelines, Git integration, and real-time performance monitoring. Beyond core deployment, the system includes robust infrastructure management capabilities such as automated backups to external object storage, horizontal and vertical scaling, and granular access control. It also provides secure configuration management, including environment variable synchronization, HTTPS certificate handling, and zero-downtime deployment strategies to ensure application stability and security. The platform is designed for ease of use, offering an interactive API documentation interface and instructional resources to guide users through installation and configuration. It supports a wide range of modern web frameworks and runtimes, providing a flexible environment for hosting and maintaining services on private server hardware. - [aquasecurity/tfsec](https://awesome-repositories.com/repository/aquasecurity-tfsec.md) (7,013 ⭐) — tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypted storage across compute, networking, and identity services. The engine includes capabilities for complex expression evaluation to resolve functional expressions and resource relationships, ensuring misconfigurations are detected beyond literal string values. It supports custom policy definitions for organization-specific standards and allows for security warning suppression via source code comments or command-line flags. The scanner is designed for CI/CD security integration as a standalone binary or container, with the ability to export findings in structured formats such as JSON, SARIF, and CSV. - [floedesigntechnologies/phpcs-security-audit](https://awesome-repositories.com/repository/floedesigntechnologies-phpcs-security-audit.md) (0 ⭐) - [alfresco/prowler](https://awesome-repositories.com/repository/alfresco-prowler.md) (14,005 ⭐) — Prowler is a multi-cloud security posture management platform and vulnerability scanner. It provides tools for automating security audits, evaluating cloud infrastructure against regulatory compliance frameworks, and managing security assessments through a dedicated analysis dashboard. The project distinguishes itself by providing an AI-driven security context server that feeds structured data to AI assistants for automated risk analysis. It also employs graph-based attack path mapping to visualize potential lateral movement and exploitation routes across cloud inventories. The platform covers a broad range of capabilities including automated security assessments, risk prioritization through weighted scoring, and continuous environment monitoring. It supports integration into development workflows via a security tooling SDK and programmatic APIs for triggering scans and exporting results. - [jtesta/ssh-audit](https://awesome-repositories.com/repository/jtesta-ssh-audit.md) (4,218 ⭐) — SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) - [flarum/core](https://awesome-repositories.com/repository/flarum-core.md) (6,729 ⭐) — This project is a self-hosted community engine and forum software designed for hosting threaded discussions. It functions as a JSON API community platform, exposing all data and functionality through a standardized interface to support a single-page application architecture. The system is built to be a multi-language discussion board with integrated localization and language pack support. The platform is defined by a modular architecture that allows for extensive customization through an extension-based plugin system. This extensibility enables the modification of core behavior, the addition of new features, and the application of custom visual themes. It further allows for specific behavioral tweaks to application logic without requiring the build of a full extension. The software covers a broad range of administrative and operational capabilities, including member administration, user permission control, and community data migration from legacy systems. It includes tools for system monitoring via audit logs and statistics, automated task scheduling for background jobs, and a flexible email delivery configuration. Visual identity is managed through custom HTML injection, CSS styling, and branding asset management. The system uses a command-line interface for dependency management and retrieving system diagnostics. - [vernu/vps-audit](https://awesome-repositories.com/repository/vernu-vps-audit.md) (1,968 ⭐) — lightweight, dependency-free bash script for security, performance auditing and infrastructure monitoring of Linux servers. - [flarum/framework](https://awesome-repositories.com/repository/flarum-framework.md) (6,727 ⭐) — This project is a self-hosted forum software and extensible community platform designed to facilitate online discussions and member engagement. It functions as a REST API discussion engine, providing a backend that manages community interactions and forum data via a standardized JSON interface for external applications. The platform is distinguished by a modular architecture that allows for deep customization through a package-based extension system and an interface extension framework. It employs an extender-based customization model, enabling external modules to modify internal system behavior by registering callbacks. The framework covers a broad range of administrative and operational capabilities, including permission-based access control, multilingual support management, and automated background task scheduling. It also provides tools for database migration management, administrative action logging, and the configuration of email delivery drivers. The system includes a command-line utility for retrieving system versioning and extension status for debugging purposes. - [welldone-cloud/aws-summarize-account-activity](https://awesome-repositories.com/repository/welldone-cloud-aws-summarize-account-activity.md) (165 ⭐) — Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used. - [bitwarden/server](https://awesome-repositories.com/repository/bitwarden-server.md) (18,074 ⭐) — This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and automated machine-to-machine workflows. It supports advanced authentication methods including hardware security keys, passkeys, and biometric unlocking, while simultaneously offering programmatic interfaces for injecting secrets directly into development pipelines and automated infrastructure deployments. This dual-purpose design allows teams to maintain strict data sovereignty through local hosting and containerized deployments while enforcing granular governance across their entire user base. Beyond core storage, the system includes extensive observability and compliance tools, such as immutable audit logging, credential risk analysis, and integration with external security information and event management platforms. It also facilitates secure collaboration through encrypted information sharing, emergency access delegation, and automated identity provisioning. The software is designed for flexible deployment across diverse infrastructure environments and includes command-line utilities for administrative tasks, bulk data migration, and secret retrieval. - [dxa4481/trufflehog](https://awesome-repositories.com/repository/dxa4481-trufflehog.md) (26,790 ⭐) — TruffleHog is a secret scanning tool designed to identify leaked credentials and API keys across version control systems, cloud storage, and filesystems. It functions as a git secret detector that enumerates hidden commits and a cloud storage security auditor for inspecting container images and storage buckets. The project is distinguished by a credential verification engine that tests discovered secrets against service APIs to confirm they are active, which eliminates false positive alerts. It further analyzes these verified credentials to determine the specific access levels and resources they control. The tool covers a broad discovery surface, including the scanning of Elastic clusters, Postman workspaces, and Hugging Face resources. It provides capabilities for binary and document scanning, secret type classification, and the creation of custom detection rules using regular expressions and entropy filters. Automation is supported through CI/CD security scanning and pre-commit hooks to block credentials from entering a codebase before they are merged. - [bitwarden/clients](https://awesome-repositories.com/repository/bitwarden-clients.md) (13,114 ⭐) — This project is a comprehensive zero-knowledge security suite designed for enterprise credential management, secrets orchestration, and password management. It provides a secure, end-to-end encrypted vault that allows users to store, synchronize, and manage sensitive information, including passwords, passkeys, and infrastructure secrets, across desktop, mobile, and browser environments. The platform distinguishes itself through a strict zero-knowledge architecture where all encryption and decryption occur locally on the client, ensuring that plaintext data remains inaccessible to the server. It supports flexible deployment models, allowing organizations to choose between managed cloud services or self-hosted infrastructure to meet specific data sovereignty and compliance requirements. Furthermore, the system integrates with external identity providers to streamline user provisioning and authentication, while offering advanced administrative controls for policy enforcement and security auditing. Beyond core storage, the platform provides extensive tools for DevOps and automated workflows, including command-line interfaces for secret injection and programmatic SDKs for custom integrations. It also includes robust collaboration features for secure data sharing, team resource management, and credential health monitoring to help organizations maintain a strong security posture. - [techrate/smart-contract-audits](https://awesome-repositories.com/repository/techrate-smart-contract-audits.md) (0 ⭐) — 🔨 Free Smart Contract security check. - 🔧 Standart Smart Contract security audit. - 🛠 Full Smart Contract security audit. - [falcosecurity/falco](https://awesome-repositories.com/repository/falcosecurity-falco.md) (8,670 ⭐) — Falco is an eBPF runtime security monitor and cloud native detection engine that identifies abnormal behavior and security threats across hosts and containers. It functions as a Linux kernel event auditor, capturing system calls and kernel events in real-time to detect malicious activity. The system distinguishes itself through a rule-based threat detection model that evaluates system activity against a library of community-maintained rules and custom security definitions. It enriches raw kernel events with container and Kubernetes metadata to provide observability into isolated environments and supports the distribution of security plugins and rule sets as OCI-compliant artifacts. Broad capabilities include comprehensive event collection via eBPF probes, metadata-driven event enrichment, and a flexible alerting pipeline that routes structured JSON alerts to external SIEMs, webhooks, and data lakes. The project also provides tools for rule management, including syntax validation and macro-based logic simplification, as well as operational telemetry exported via Prometheus. Deployment is supported through packages, archives, and a declarative Kubernetes-native operator. - [pypa/pip-audit](https://awesome-repositories.com/repository/pypa-pip-audit.md) (1,318 ⭐) — Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them - [arthepsy/ssh-audit](https://awesome-repositories.com/repository/arthepsy-ssh-audit.md) (2,994 ⭐) — SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) - [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows. The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by automatically synchronizing response data to CRMs, databases, and communication tools, while providing programmatic interfaces for managing resources and automating feedback loops. Beyond core collection, the system includes advanced logic for conditional branching, scoring, and personalized routing to create adaptive survey experiences. It offers extensive customization options, including white-labeling, CSS overrides, and multi-channel distribution across web, mobile, and email environments. The platform is built for self-hosting, supporting containerized deployments with built-in multi-tenant data isolation and enterprise-grade security features like single sign-on and role-based access control. - [projectdiscovery/subfinder](https://awesome-repositories.com/repository/projectdiscovery-subfinder.md) (13,105 ⭐) — Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orchestration to parallelize discovery workloads across remote nodes. For dynamic web application analysis, the tool incorporates headless browser rendering to execute client-side code and capture visual state. The platform provides a broad capability surface for security operations, including asynchronous interaction monitoring to detect blind vulnerabilities and server-side request forgery. It features a domain-specific language for granular filtering of scan results and supports pipeline-oriented data streaming to integrate findings into external security tools and reporting systems. The software is implemented in Go and provides a command-line interface for executing discovery tasks and managing security workflows. - [gitbookio/gitbook](https://awesome-repositories.com/repository/gitbookio-gitbook.md) (28,902 ⭐) — Gitbook is a documentation-as-code platform designed for centralized technical knowledge management. It functions as a knowledge management system that synchronizes documentation files directly with version control repositories, allowing teams to maintain content alongside their source code. The platform distinguishes itself through an integrated artificial intelligence layer that provides context-aware search assistance and automated content suggestions. By utilizing block-based content modeling, it enables the construction of structured, modular documentation that can be compiled into static sites or deployed as secure, branded portals. The system includes comprehensive tools for enterprise-grade publishing, including role-based access control, content localization, and custom domain configuration. It also incorporates observability features that analyze search queries to identify information gaps and improve the overall quality of technical documentation. - [elastic/detection-rules](https://awesome-repositories.com/repository/elastic-detection-rules.md) (2,508 ⭐) — This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-based testing framework to validate rule syntax and accuracy before deployment. The system covers a broad range of security operations, including threat intelligence integration, cloud posture auditing, and security event correlation. It also provides capabilities for anomaly detection, entity risk analysis, and the coordination of security incidents through case management and alert noise suppression. - [okland/accounts-phone](https://awesome-repositories.com/repository/okland-accounts-phone.md) (0 ⭐) — Accounts-Phone - [wazuh/wazuh](https://awesome-repositories.com/repository/wazuh-wazuh.md) (14,779 ⭐) — Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity. The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monitoring and malware detection, while simultaneously evaluating configurations and software versions against established security benchmarks and threat databases. Beyond core detection, the platform supports comprehensive regulatory compliance auditing and user access management. It monitors both traditional endpoints and ephemeral cloud or containerized environments, providing a unified interface for security teams to identify patterns, enforce policies, and automate incident response actions. - [cloud-custodian/cloud-custodian](https://awesome-repositories.com/repository/cloud-custodian-cloud-custodian.md) (6,011 ⭐) — Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources - [denoland/deno](https://awesome-repositories.com/repository/denoland-deno.md) (107,110 ⭐) — Deno is a high-performance runtime for JavaScript and TypeScript that prioritizes security and developer productivity. Built on the V8 engine, it provides a secure execution environment that enforces a default-deny security model, requiring explicit user authorization for access to system resources like the file system, network, and environment variables. The runtime natively supports modern web-standard APIs, ensuring consistent behavior and portability across different environments. What distinguishes Deno is its integrated approach to the software development lifecycle. It bundles essential utilities—including a formatter, linter, test runner, and dependency manager—directly into the runtime, eliminating the need for external build tools or complex transpilation steps. The platform features a universal module resolution system that supports remote HTTPS URLs, local paths, and standard package registries, all backed by lockfiles to ensure build determinism and supply chain security. Beyond its core runtime capabilities, Deno includes a built-in, persistent key-value database engine that supports atomic transactions and reactive data monitoring. It also provides a robust compatibility layer for the Node.js ecosystem, allowing for the seamless execution of legacy modules and native binary addons. For multi-tenant or distributed applications, the runtime offers isolated sandbox environments that manage resource constraints and security boundaries, facilitating secure code execution in shared infrastructure. The project is distributed as a single binary, providing a unified toolchain for managing dependencies, executing tasks, and configuring runtime security policies. - [trufflesecurity/trufflehog](https://awesome-repositories.com/repository/trufflesecurity-trufflehog.md) (24,630 ⭐) — Trufflehog is a security tool designed to continuously monitor code repositories and cloud environments to detect, verify, and remediate exposed sensitive credentials and API keys. It functions as a comprehensive secret scanning engine that integrates directly into deployment pipelines and version control systems to intercept sensitive data before it is committed or pushed. By utilizing read-only operations and volatile memory processing, the system ensures that discovered credentials are never stored persistently, maintaining strict data privacy throughout the scanning lifecycle. The platform distinguishes itself through a privacy-focused architecture that relies on cryptographic fingerprinting to track and deduplicate findings without ever transmitting or storing raw sensitive values. It supports distributed scanning via independent agents that connect to a central dashboard, allowing for localized analysis while maintaining network isolation. Furthermore, the system provides automated incident response capabilities, including secret rotation and revocation, which help organizations minimize the window of vulnerability for compromised credentials. Beyond core detection, the project offers a broad capability surface for enterprise-wide access governance and security compliance. It includes modular detection logic for custom rule definitions, integration with external identity providers for role-based access control, and extensive monitoring across cloud storage, container infrastructure, and collaboration platforms. The system also provides detailed metadata tracing to link findings to specific users, pipelines, or commits, facilitating efficient remediation and auditability across large-scale development environments. - [collectiveidea/audited](https://awesome-repositories.com/repository/collectiveidea-audited.md) (3,491 ⭐) — Audited is a Ruby on Rails audit log library and change data capture framework. It tracks model changes by recording previous and current attribute values during create, update, and destroy operations to maintain a complete history of database modifications. The system functions as a database versioning tool and user activity tracker. It allows for the retrieval of historical record states by timestamp or index, enables reverting models to previous versions, and associates record modifications with specific user identities and remote IP addresses. The library includes capabilities for sensitive data protection by filtering encrypted attributes and excluding specific columns from logs. It also provides audit log management tools to control the volume of stored history through record limits and merging of old entries. Additional functionality includes the ability to attach descriptive comments to changes and link audits across associated models.