diff --git a/tools/README.md b/tools/README.md index 9192983..276a70f 100644 --- a/tools/README.md +++ b/tools/README.md @@ -9,6 +9,7 @@ Spending a lot of time on applying DevSecOps is searching, comparing, and making ## List of Tool | Type | Name | Description | Popularity | Language | | ---------- | :---------- | :----------: | :----------: | :----------: | +| Build/SAST | [Gitleaks](https://github.com/gitleaks/gitleaks) | Gitleaks is a SAST tool for detecting hardcoded secrets like API keys, tokens, and passwords in Git repositories, providing a CLI, GitHub Action, and pre-commit hooks for secret detection. | ![](https://img.shields.io/github/stars/gitleaks/gitleaks) | ![](https://img.shields.io/github/languages/top/gitleaks/gitleaks) | | Build/SAST | [SonarQube](https://www.sonarqube.org/) | SonarQube is an open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray)|![](https://img.shields.io/static/v1?label=&message=it's%20not%20github&color=gray) | Build/SAST | [codeql](https://github.com/github/codeql) | CodeQL | ![](https://img.shields.io/github/stars/github/codeql) | ![](https://img.shields.io/github/languages/top/github/codeql) | | Build/SAST | [ggshield](https://github.com/GitGuardian/ggshield) | An open source CLI from GitGuardian to detect 350+ types of hardcoded secrets and 70+ IaC misconfigurations | ![](https://img.shields.io/github/stars/GitGuardian/ggshield) | ![](https://img.shields.io/github/languages/top/GitGuardian/ggshield) | 
@@ -23,6 +24,8 @@ Spending a lot of time on applying DevSecOps is searching, comparing, and making | Design/THREAT | [threagile](https://github.com/Threagile/threagile) | Agile Threat Modeling Toolkit | ![](https://img.shields.io/github/stars/Threagile/threagile) | ![](https://img.shields.io/github/languages/top/Threagile/threagile) | | Operate and Monitor/COMPONENT-ANALYSIS | [dependency-track](https://github.com/DependencyTrack/dependency-track) | Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | ![](https://img.shields.io/github/stars/DependencyTrack/dependency-track) | ![](https://img.shields.io/github/languages/top/DependencyTrack/dependency-track) | | Operate and Monitor/K8S | [kube-hunter](https://github.com/aquasecurity/kube-hunter) | Hunt for security weaknesses in Kubernetes clusters | ![](https://img.shields.io/github/stars/aquasecurity/kube-hunter) | ![](https://img.shields.io/github/languages/top/aquasecurity/kube-hunter) | +| Operate and Monitor/SECURITY-AUDIT | [Prowler](https://github.com/prowler-cloud/prowler) | Prowler is a security tool for AWS, providing over 100 checks for compliance with standards like CIS, GDPR, and HIPAA, and auditing AWS account configurations. | ![](https://img.shields.io/github/stars/prowler-cloud/prowler) | ![](https://img.shields.io/github/languages/top/prowler-cloud/prowler) | +| Operate and Monitor/SECURITY-SCAN | [Trivy](https://github.com/aquasecurity/trivy) | Trivy is an open-source, all-in-one security scanner for container images, file systems, and Git repositories, detecting vulnerabilities and misconfigurations. 
| ![](https://img.shields.io/github/stars/aquasecurity/trivy) | ![](https://img.shields.io/github/languages/top/aquasecurity/trivy) | | Test/DAST | [action-baseline](https://github.com/zaproxy/action-baseline) | A GitHub Action for running the OWASP ZAP Baseline scan | ![](https://img.shields.io/github/stars/zaproxy/action-baseline) | ![](https://img.shields.io/github/languages/top/zaproxy/action-baseline) | | Test/DAST | [action-dalfox](https://github.com/hahwul/action-dalfox) | XSS scanning with Dalfox on Github-action | ![](https://img.shields.io/github/stars/hahwul/action-dalfox) | ![](https://img.shields.io/github/languages/top/hahwul/action-dalfox) | | Test/DAST | [action-full-scan](https://github.com/zaproxy/action-full-scan) | A GitHub Action for running the OWASP ZAP Full scan | ![](https://img.shields.io/github/stars/zaproxy/action-full-scan) | ![](https://img.shields.io/github/languages/top/zaproxy/action-full-scan) | diff --git a/tools/data.json b/tools/data.json index 5ec8019..4f15ead 100644 --- a/tools/data.json +++ b/tools/data.json 
@@ -4,6 +4,21 @@ "Method": "SAST", "Type": "Build" }, + "Gitleaks": { + "Data": "| Build/SAST | [Gitleaks](https://github.com/gitleaks/gitleaks) | Gitleaks is a SAST tool for detecting hardcoded secrets like API keys, tokens, and passwords in Git repositories, providing a CLI, GitHub Action, and pre-commit hooks for secret detection. | ![](https://img.shields.io/github/stars/gitleaks/gitleaks) | ![](https://img.shields.io/github/languages/top/gitleaks/gitleaks) |", + "Method": "SAST", + "Type": "Build" + }, + "Trivy": { + "Data": "| Operate and Monitor/SECURITY-SCAN | [Trivy](https://github.com/aquasecurity/trivy) | Trivy is an open-source, all-in-one security scanner for container images, file systems, and Git repositories, detecting vulnerabilities and misconfigurations. | ![](https://img.shields.io/github/stars/aquasecurity/trivy) | ![](https://img.shields.io/github/languages/top/aquasecurity/trivy) |", + "Method": "SECURITY-SCAN", + "Type": "Operate and Monitor" + }, + "Prowler": { + "Data": "| Operate and Monitor/SECURITY-AUDIT | [Prowler](https://github.com/prowler-cloud/prowler) | Prowler is a security tool for AWS, providing over 100 checks for compliance with standards like CIS, GDPR, and HIPAA, and auditing AWS account configurations. | ![](https://img.shields.io/github/stars/prowler-cloud/prowler) | ![](https://img.shields.io/github/languages/top/prowler-cloud/prowler) |", + "Method": "SECURITY-AUDIT", + "Type": "Operate and Monitor" + }, "action-baseline": { "Data": "| Test/DAST | [action-baseline](https://github.com/zaproxy/action-baseline) | A GitHub Action for running the OWASP ZAP Baseline scan | ![](https://img.shields.io/github/stars/zaproxy/action-baseline) | ![](https://img.shields.io/github/languages/top/zaproxy/action-baseline) |", "Method": "DAST",
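Review bot: in the first README hunk (`@@ -9,6 +9,7`), the Gitleaks description is wordy and repeats itself ("detecting hardcoded secrets ... for secret detection"), while the neighbouring ggshield row, which covers the same ground (secret detection, Build/SAST), is a single clause. Suggest trimming to the same style, e.g. "Gitleaks detects hardcoded secrets (API keys, tokens, passwords) in Git repositories; available as a CLI, GitHub Action and pre-commit hook." The same row text is also pasted verbatim into `tools/data.json` in the third hunk; if the README table is produced from `data.json` (each entry carries the full markdown row in its `Data` field), edit the JSON and regenerate rather than hand-editing both, so the two copies cannot drift.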
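Review bot: the second README hunk (`@@ -23,6 +24,8`) mints two new Method values, `SECURITY-AUDIT` and `SECURITY-SCAN`, each holding exactly one tool, next to the existing `COMPONENT-ANALYSIS` (dependency-track) and `K8S` (kube-hunter). Trivy overlaps with the component-analysis bucket and is more often wired into the Build stage (image scan in CI) than "Operate and Monitor"; Prowler is a cloud configuration/compliance audit. Either reuse an existing Method or state what distinguishes the new ones, otherwise every added tool will bring its own category and the table stops being filterable. Separately, the Prowler description pins the tool to "AWS" and "over 100 checks"; a hard-coded count and provider list in a curated index go stale quickly, so verify both against the upstream README before merging and prefer a scope statement without a number.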
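Review bot: in the `tools/data.json` hunk (`@@ -4,6 +4,21`) the new keys are inserted in the order Gitleaks, Trivy, Prowler, but Prowler sorts before Trivy, and the README hunk in the same patch lists Prowler first, so the two files disagree on ordering. Keep the JSON keys sorted (Gitleaks, Prowler, Trivy) so that anything generated from it is deterministic and diffs stay small. Note also that each `Data` string embeds the `Type`/`Method` pair that is already stored in the sibling fields; that mirrors the existing `action-baseline` entry, so it is consistent, but any wording or category fix has to be applied in both the string and the fields.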