| 03/16 | 9 |
Community curated templates for the nuclei engine to identify security vulnerabilities in applications.
|
| 03/14 | 9 |
Counts and limits actions by key to protect against DDoS and brute force attacks.
|
| 03/12 | 9 |
Securely share sensitive information with automatic expiration and deletion after a set number of views or duration.
|
| 03/09 | 9 |
Manage dotfiles across multiple diverse machines securely.
|
| 02/19 | 9 |
Let's Encrypt client and ACME library written in Go.
|
| 03/17 | 8 |
Cloud-native policy-as-code engine that scans infrastructure, containers, Kubernetes, cloud services, and code for vulnerabilities and misconfigurations.
|
| 03/17 | 8 |
Edge virtualization engine providing hardware-assisted virtualization and resource partitioning for on-premises edge devices.
|
| 03/16 | 8 |
Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.
|
| 03/13 | 8 |
High-performance authorization engine for modeling and enforcing fine-grained access control inspired by Google Zanzibar.
|
| 03/12 | 8 |
Local transparent gateway that intercepts agent tool calls and blocks dangerous operations before execution.
|
| 03/10 | 8 |
Cloud-native graph-based query language for querying and discovering infrastructure assets across clouds, containers, and services.
|
| 03/05 | 8 |
Middleware for limiting repeated requests to public APIs and endpoints.
|
| 02/28 | 8 |
Tweaks for Mozilla Firefox to enhance speed, privacy, and security.
|
| 02/28 | 8 |
RTSP stream scanner that detects devices, enumerates routes, and performs dictionary-based credential discovery, with a Go library.
|
| 02/27 | 8 |
Pentest reporting application for writing findings and generating customizable DOCX reports.
|
| 02/27 | 8 |
Zero-ETL tool for querying APIs and services using SQL.
|
| 02/27 | 8 |
Inspects Go source code for security issues by scanning the AST and SSA representations.
|
| 02/25 | 8 |
Secure self-hosted home server solution for managing applications with built-in security and ease of use.
|
| 02/19 | 8 |
Vulnerability scanner for container images and filesystems.
|
| 02/18 | 8 |
Weighs the soul of connections using proof-of-work to protect resources from scraper bots.
|
| 02/17 | 8 |
Kubernetes-based modular toolchain for continuous security scanning of software projects.
|
| 03/18 | 7 |
Editor for encrypted files supporting multiple formats and encryption methods.
|
| 03/17 | 7 |
Secret management platform for syncing secrets and configurations across teams and infrastructure while preventing leaks.
|
| 03/17 | 7 |
Scalable authentication for Go apps or standalone servers offering email/password auth, sessions, OAuth, and extensible hooks.
|
| 03/15 | 7 |
Library for running multiple isolated React Native instances within a single application with safe communication.
|
| 03/15 | 7 |
Comprehensive security platform for managing and securing Kubernetes environments throughout the development and deployment lifecycle.
|
| 03/15 | 7 |
Security-first personal AI assistant runtime providing multi-provider model access and multi-channel messaging integrations with local-first data control.
|
| 03/12 | 7 |
Extension that secures PostgreSQL in cloud environments by managing privileges without requiring superuser access.
|
| 03/11 | 7 |
Fast and tolerant XSS sanitizer for HTML, MathML, and SVG.
|
| 03/10 | 7 |
Out-of-band interaction gathering server and client library.
|
| 03/09 | 7 |
Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.
|
| 03/09 | 7 |
Kubernetes operator that manages and scales SpiceDB clusters and automates datastore migrations.
|
| 03/09 | 7 |
Kubernetes/OpenShift operator that combines trusted certificate sources into a distributable trust bundle for applications.
|
| 03/09 | 7 |
Daemon forwarding Falco events to multiple outputs in a fan-out manner for ecosystem integration.
|
| 03/07 | 7 |
Multiplayer client-server pivoting tool for collaborative penetration testing with automatic TUN management and a GUI.
|
| 03/05 | 7 |
Proxy that secures and simplifies access to infrastructure with outbound-only connections and integrated SSO.
|
| 03/03 | 7 |
Comprehensive security scanner for vulnerabilities, misconfigurations, and secrets across various targets.
|
| 03/03 | 7 |
Desktop proxy enabling scalable tool discovery, major token savings, and quarantine of malicious upstream servers for AI agents.
|
| 03/01 | 7 |
FIDO2-conformant passkey and authentication backend for Go applications.
|
| 02/27 | 7 |
Database for storing and querying fine-grained authorization data at scale.
|
| 02/27 | 7 |
Platform for managing, structuring, visualizing, and sharing cyber threat intelligence using a STIX2-based knowledge schema.
|
| 02/27 | 7 |
Visualize data sources and run compliance benchmarks for effective decision-making and ongoing monitoring.
|
| 02/26 | 7 |
Static analysis tool checking Ruby on Rails applications for security vulnerabilities.
|
| 02/26 | 7 |
Testing framework for infrastructure that specifies compliance, security, and policy requirements.
|
| 02/25 | 7 |
Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.
|
| 02/24 | 7 |
Fast, efficient osquery management server implementing the osquery remote API as a TLS endpoint.
|
| 02/23 | 7 |
Software to manage, store, and distribute sensitive data like secrets, certificates, and keys.
|
| 02/17 | 7 |
Networking, observability, and security solution with an eBPF-based dataplane.
|
| 02/17 | 7 |
Cloud-native, graph-based asset inventory and discovery tool for querying infrastructure across clouds, containers, Kubernetes, and VMs.
|
| 02/17 | 7 |
Sandbox for running untrusted code with controlled access to Node.js built-in modules and secure context isolation.
|
| 03/17 | 6 |
Collection of plugins that extend the Wazuh dashboard with UI panels for security events, integrity, vulnerability, and compliance monitoring.
|
| 03/16 | 6 |
SDK enabling zero-trust networking for Node.js applications and web servers.
|
| 03/10 | 6 |
AI-powered security alert management that reduces noise and speeds incident response.
|
| 03/10 | 6 |
Software supply chain security platform enforcing configurable policies, attesting artifacts, and managing repository security and dependency risk.
|
| 03/10 | 6 |
Kubernetes-native toolkit that continuously scans clusters and generates vulnerability, configuration, secrets, RBAC, compliance, and SBOM reports.
|
| 03/09 | 6 |
Browser extension for Firefox, Edge and Chrome providing secure cryptographic operations, random number generation, and password autofill.
|
| 03/07 | 6 |
Tool for database anonymization and synthetic data generation.
|
| 03/05 | 6 |
Enterprise-ready SIEM and XDR platform offering real-time log correlation, threat intelligence, and incident response.
|
| 03/03 | 6 |
JavaScript AST analysis tool for identifying potentially malicious code patterns.
|
| 03/03 | 6 |
Detect security vulnerabilities, compliance issues, and infrastructure misconfigurations in infrastructure-as-code early in development.
|
| 02/24 | 6 |
General-purpose security automation platform for security teams, offering workflow editor, OpenAPI-based app creation, and resource sharing.
|
| 02/22 | 6 |
Caddy v2 plugin providing authentication, authorization, and credential management for OAuth/OIDC, SAML, LDAP, basic auth, and JWT/PASETO.
|
| 02/20 | 6 |
Cloud-native runtime security enforcement system restricting process, file and network behavior of containers, pods, and nodes using LSMs and eBPF.
|
| 02/19 | 6 |
ESLint plugin disallowing unsafe innerHTML, outerHTML, insertAdjacentHTML assignments and calls unless sanitized.
|
| 02/17 | 6 |
Multi-cloud compliance scanner that audits AWS, Azure, GCP, and M365 against standards and generates audit-ready reports.
|
| 03/17 | 5 |
End-to-end field-level encryption for TypeScript apps with zero-knowledge key management and searchable encrypted queries.
|
| 03/13 | 5 |
High-level Go packages providing APIs for interacting with TPM 2.0 devices.
|
| 03/09 | 5 |
Second-development, lightweight cross-platform website vulnerability scanner with port scanning, fingerprinting, directory fuzzing, and POC-driven vulnerability detection.
|
| 03/07 | 5 |
Lightweight secure-by-default Unix socket proxy offering regex-based method allowlists, IP-based access control, and a minimal Go-only image.
|
| 03/05 | 5 |
Tool to determine minimum permissions required for Terraform and Infrastructure as Code deployments.
|
| 03/03 | 5 |
Tool for identifying vulnerabilities in PostgreSQL extension scripts and SQL code.
|
| 02/25 | 5 |
Real-time SSL/TLS key extraction and decryption tool for analyzing encrypted network traffic.
|
| 02/25 | 5 |
TypeScript package for encrypting and decrypting data using unique keys for each value.
|
| 02/18 | 5 |
Periodic Kubernetes API poller reporting containers, images, pods, nodes and namespaces currently in use.
|
| 02/17 | 5 |
Security suite combining graph-based structural code analysis with AI-assisted vulnerability detection and IDE/CI integrations.
|
| 03/17 | 4 |
Private certificate authority for secure, automated certificate management in DevOps environments.
|
| 03/17 | 4 |
Easy-to-use CLI for building, operating, and automating PKI systems and common X.509, JWT, and crypto workflows.
|
| 03/15 | 4 |
Collaboration-first platform for planning, automating, executing, and reporting vulnerability assessments and penetration tests.
|
| 03/13 | 4 |
Safe JavaScript execution runtime that parses and runs code in a whitelisted, prototype-aware sandbox.
|
| 02/25 | 4 |
Modern automation platform for security and IT engineers with YAML templates, no-code workflows, lookup tables, and case management.
|
| 02/24 | 4 |
MCP server providing structured access to Shodan API and CVEDB for IP reconnaissance, DNS lookups, vulnerability data, and device search.
|
| 02/17 | 4 |
Transparent searchable encryption for existing PostgreSQL databases without SQL changes.
|
| 03/13 | 3 |
Cybersecurity-focused domain-specific programming language with a dedicated virtual machine and IDE support.
|
| 03/11 | 3 |
Continuous cloud-assurance platform that evaluates cloud configurations for security and compliance against standards like C5 and CSA CCM.
|
| 03/03 | 3 |
Set of over 1500 AppArmor profiles to confine core Linux system services, desktop environments, and user processes.
|