Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps for continuos monitoring, security assessments and audits, incident response, compliance, hardening and forensics…

OCSF (https://schema.ocsf.io/) models in Python using Pydantic.

MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.

Automating situational awareness for cloud penetration tests.

Empowering People Ethically 🚀 — Matomo is hiring! Join us → https://matomo.org/jobs Matomo is the leading open-source alternative to Google Analytics, giving you complete control and built-in priva…

Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

The missing star history graph of GitHub repos - https://star-history.com

This solutions facilitates rapid deployment of Prowler, full AWS Organization analysis, and finding processing as part of a security posture report.

Templates that create needed permissions in an account to be scanned by ProwlerPro

PyPI downloads analytics dashboard

Compliance automation framework, focused on SOC2

Protect your data in AWS S3 with DataCop!

An encyclopedia for offensive and defensive security knowledge in cloud native technologies.

The easiest way to access your cloud.

Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on.

Testing TLS/SSL encryption anywhere on any port

CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language.

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to c…

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans…

kube-scan: Octarine k8s cluster risk assessment tool

AWS Security Tools (AST) in a simple Docker container. 📦

An enterprise friendly way of detecting and preventing secrets in code.

A list of covert channels and steganography/steganalysis resources (books, papers & tools)

List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.

Minimalist containerized implementation of Prowler from https://github.com/toniblyx/prowler, made to run within ECS Fargate and have Secrets passed via AWS Secrets Manager

Kapow! If you can script it, you can HTTP it.