| 05/29 | 9 |
Let's Encrypt client and ACME library written in Go.
|
| 05/22 | 9 |
Middleware for securing Express applications by setting various HTTP response headers.
|
| 06/03 | 8 |
Vulnerability scanner for container images and filesystems.
|
| 06/02 | 8 |
High-performance authorization engine for modeling and enforcing fine-grained access control inspired by Google Zanzibar.
|
| 06/02 | 8 |
Cloud-native policy-as-code engine that scans infrastructure, containers, Kubernetes, cloud services, and code for vulnerabilities and misconfigurations.
|
| 06/02 | 8 |
Cloud-native graph-based query language for querying and discovering infrastructure assets across clouds, containers, and services.
|
| 06/01 | 8 |
Comprehensive security scanner for vulnerabilities, misconfigurations, and secrets across various targets.
|
| 06/01 | 8 |
Inspects Go source code for security issues by scanning the AST and SSA representations.
|
| 05/26 | 8 |
InSpec compliance profile enforcing consistent hardening checks across Linux systems.
|
| 05/26 | 8 |
Securely share sensitive information with automatic expiration and deletion after a set number of views or duration.
|
| 05/25 | 8 |
Umbrella toolkit for Cloud Native secret management, providing CLI, Kubernetes operator, webhook, and SDK for HashiCorp Vault.
|
| 05/22 | 8 |
Pentest reporting application for writing findings and generating customizable DOCX reports.
|
| 06/03 | 7 |
Proxy that secures and simplifies access to infrastructure with outbound-only connections and integrated SSO.
|
| 06/03 | 7 |
Manage dotfiles across multiple diverse machines securely.
|
| 06/03 | 7 |
Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.
|
| 06/02 | 7 |
Secret management platform for syncing secrets and configurations across teams and infrastructure while preventing leaks.
|
| 06/01 | 7 |
Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.
|
| 06/01 | 7 |
Desktop proxy enabling scalable tool discovery, major token savings, and quarantine of malicious upstream servers for AI agents.
|
| 05/29 | 7 |
Platform for managing, structuring, visualizing, and sharing cyber threat intelligence using a STIX2-based knowledge schema.
|
| 05/28 | 7 |
Comprehensive security platform for managing and securing Kubernetes environments throughout the development and deployment lifecycle.
|
| 05/28 | 7 |
Community curated templates for the nuclei engine to identify security vulnerabilities in applications.
|
| 05/27 | 7 |
Fast and tolerant XSS sanitizer for HTML, MathML, and SVG.
|
| 05/26 | 7 |
Runtime access gateway enforcing identity-based egress policies and issuing ephemeral credentials so workloads have no long-lived secrets
|
| 05/26 | 7 |
Secure self-hosted home server solution for managing applications with built-in security and ease of use.
|
| 05/25 | 7 |
Zero-ETL tool for querying APIs and services using SQL.
|
| 05/23 | 7 |
AI-powered security alert management that reduces noise and speeds incident response.
|
| 05/30 | 6 |
Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.
|
| 05/29 | 6 |
Common code library shared by Sigstore infrastructure and Go clients providing signing interfaces and OpenID Connect support.
|
| 05/29 | 6 |
Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.
|
| 05/28 | 6 |
Automatically apply security best practices to GitHub Actions workflows, Dockerfiles, and dependency configurations.
|
| 05/27 | 6 |
Autonomous AI-driven penetration testing platform that performs multi-mode scans, discovers zero-day vulnerabilities, and generates PDF reports with live dashboard alerts.
|
| 05/23 | 6 |
CLI tool to pin, update, and verify versions of GitHub Actions and reusable workflows in workflow files.
|
| 05/22 | 6 |
FIDO2-conformant passkey and authentication backend for Go applications.
|
| 05/21 | 6 |
Kubernetes security platform performing container environment risk analysis, providing visibility, runtime alerts, and hardening recommendations.
|
| 05/21 | 6 |
CLI tool that scans workflows and updates GitHub Actions, pinning them to exact commit SHAs.
|
| 05/21 | 6 |
RubyGem for implementing OAuth 2.0 clients with support for various authorization flows.
|
| 06/02 | 5 |
End-to-end field-level encryption for TypeScript apps with zero-knowledge key management and searchable encrypted queries.
|
| 06/01 | 5 |
JavaScript libraries for interacting with Sigstore signing and verification services.
|
| 06/01 | 5 |
Transparent searchable encryption for existing PostgreSQL databases without SQL changes.
|
| 05/30 | 5 |
Set of over 1500 AppArmor profiles to confine core Linux system services, desktop environments, and user processes.
|
| 05/29 | 5 |
Tool for database anonymization and synthetic data generation.
|
| 05/28 | 5 |
Security-first personal AI assistant runtime providing multi-provider model access and multi-channel messaging integrations with local-first data control.
|
| 05/27 | 5 |
Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis.
|
| 05/22 | 5 |
Secure software delivery system that publishes Git-based releases to a TUF repository and manages client updates.
|
| 06/03 | 4 |
Bluetooth device discovery service built on BlueZ that tracks classic and LE devices and uses Ubertooth where available.
|
| 06/02 | 4 |
Edge virtualization engine providing hardware-assisted virtualization and resource partitioning for on-premises edge devices.
|
| 05/30 | 4 |
Modern automation platform for security and IT engineers with YAML templates, no-code workflows, lookup tables, and case management.
|
| 05/28 | 4 |
Collection of plugins that extend the Wazuh dashboard with UI panels for security events, integrity, vulnerability, and compliance monitoring.
|
| 05/27 | 4 |
General-purpose security automation platform for security teams, offering workflow editor, OpenAPI-based app creation, and resource sharing.
|
| 06/02 | 3 |
Web-based badging system and criteria for assessing and encouraging best practices in FLOSS projects.
|
| 05/30 | 3 |
High-fidelity vulnerability scanner combining deterministic native scans and AI-driven agentic code audits.
|
| 05/29 | 3 |
Cybersecurity-focused domain-specific programming language with a dedicated virtual machine and IDE support.
|