* [Lego v5.2.0](https://github.com/go-acme/lego) – Let's Encrypt client and ACME library written in Go.
* [Helmet v8.2.0](https://github.com/helmetjs/helmet) – Middleware for securing Express applications by setting various HTTP response headers.
* [WPScan v4.0.0](https://github.com/wpscanteam/wpscan) – WordPress security scanner that detects vulnerabilities, plugin and theme issues, and enumerates users.
* [SOPS v3.13.0](https://github.com/getsops/sops) – Editor for encrypted files supporting multiple formats and encryption methods.
* [Web-Check 2.1.0](https://github.com/Lissy93/web-check) – Comprehensive, on-demand OSINT dashboard that analyzes websites' infrastructure, security, performance, DNS, and trackers.
* [Grype v0.113.0](https://github.com/anchore/grype) – Vulnerability scanner for container images and filesystems.
* [OpenFGA v1.17.0](https://github.com/openfga/openfga) – High-performance authorization engine for modeling and enforcing fine-grained access control inspired by Google Zanzibar.
* [cnspec v13.21.0](https://github.com/mondoohq/cnspec) – Cloud-native policy-as-code engine that scans infrastructure, containers, Kubernetes, cloud services, and code for vulnerabilities and misconfigurations.
* [MQL v13.21.0](https://github.com/mondoohq/mql) – Cloud-native graph-based query language for querying and discovering infrastructure assets across clouds, containers, and services.
* [Trivy v0.71.0](https://github.com/aquasecurity/trivy) – Comprehensive security scanner for vulnerabilities, misconfigurations, and secrets across various targets.
* [gosec v2.27.0](https://github.com/securego/gosec) – Inspects Go source code for security issues by scanning the AST and SSA representations.
* [DevSec Linux Baseline 2.10.0](https://github.com/dev-sec/linux-baseline) – InSpec compliance profile enforcing consistent hardening checks across Linux systems.
* [Password Pusher v2.7.0](https://github.com/pglombardo/PasswordPusher) – Securely share sensitive information with automatic expiration and deletion after a set number of views or duration.
* [Bank-Vaults v1.33.0](https://github.com/bank-vaults/bank-vaults) – Umbrella toolkit for Cloud Native secret management, providing CLI, Kubernetes operator, webhook, and SDK for HashiCorp Vault.
* [PwnDoc v1.5.0](https://github.com/pwndoc/pwndoc) – Pentest reporting application for writing findings and generating customizable DOCX reports.
* [Infisical v0.160.0](https://github.com/Infisical/infisical) – Secret management platform for syncing secrets and configurations across teams and infrastructure while preventing leaks.
* [pinact v3.10.0](https://github.com/suzuki-shunsuke/pinact) – CLI tool to pin, update, and verify versions of GitHub Actions and reusable workflows in workflow files.
* [Lyrie Agent v3.0.0](https://github.com/OTT-Cybersecurity-LLC/lyrie-ai) – Autonomous AI agent integrating continuous security scanning, attack-surface mapping, and automated vulnerability validation and remediation.
* [Nuxt Security v2.6.0](https://github.com/Baroshem/nuxt-security) – Module for automatically applying OWASP security headers and middleware in Nuxt 3 applications.
* [SpiceDB v1.53.0](https://github.com/authzed/spicedb) – Database for storing and querying fine-grained authorization data at scale.
* [OWASP secureCodeBox v5.7.0](https://github.com/secureCodeBox/secureCodeBox) – Kubernetes-based modular toolchain for continuous security scanning of software projects.
* [EVE 16.14.0](https://github.com/lf-edge/eve) – Edge virtualization engine providing hardware-assisted virtualization and resource partitioning for on-premises edge devices.
* [Dalfox v2.13.0](https://github.com/hahwul/dalfox) – Powerful tool for quickly scanning XSS flaws and analyzing parameters.
* [rate-limiter-flexible v11.1.0](https://github.com/animir/node-rate-limiter-flexible) – Counts and limits actions by key to protect against DDoS and brute force attacks.
* [Cerbos v0.53.0](https://github.com/cerbos/cerbos) – Context-aware, YAML-defined access control with APIs for dynamic authorization decisions.
* [hoop.dev 1.87.0](https://github.com/hoophq/hoop) – Proxy that secures and simplifies access to infrastructure with outbound-only connections and integrated SSO.
* [chezmoi v2.70.5](https://github.com/twpayne/chezmoi) – Manage dotfiles across multiple diverse machines securely.
* [DOMPurify 3.4.8](https://github.com/cure53/DOMPurify) – Fast and tolerant XSS sanitizer for HTML, MathML, and SVG.
* [Skylos v4.23.0](https://github.com/duriantaco/skylos) – Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.
* [TruffleHog v3.95.4](https://github.com/trufflesecurity/trufflehog) – Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.
* [MCPProxy v0.35.0](https://github.com/smart-mcp-proxy/mcpproxy-go) – Desktop proxy enabling scalable tool discovery, major token savings, and quarantine of malicious upstream servers for AI agents.
* [OpenCTI 7.260529.0](https://github.com/OpenCTI-Platform/opencti) – Platform for managing, structuring, visualizing, and sharing cyber threat intelligence using a STIX2-based knowledge schema.
* [Kubescape v4.0.9](https://github.com/kubescape/kubescape) – Comprehensive security platform for managing and securing Kubernetes environments throughout the development and deployment lifecycle.
* [Nuclei Templates v10.4.4](https://github.com/projectdiscovery/nuclei-templates) – Community curated templates for the nuclei engine to identify security vulnerabilities in applications.
* [Warden v0.14.0](https://github.com/stephnangue/warden) – Runtime access gateway enforcing identity-based egress policies and issuing ephemeral credentials so workloads have no long-lived secrets.
* [Cosmos v0.22.19](https://github.com/azukaar/Cosmos-Server) – Secure self-hosted home server solution for managing applications with built-in security and ease of use.
* [Steampipe v2.4.4](https://github.com/turbot/steampipe) – Zero-ETL tool for querying APIs and services using SQL.
* [Warren v0.17.0](https://github.com/secmon-lab/warren) – AI-powered security alert management that reduces noise and speeds incident response.
* [OpenBao v2.5.4](https://github.com/openbao/openbao) – Software to manage, store, and distribute sensitive data like secrets, certificates, and keys.
* [vm2 v3.11.5](https://github.com/patriksimek/vm2) – Sandbox for running untrusted code with controlled access to Node.js built-in modules and secure context isolation.
* [Kyverno v1.18.1](https://github.com/kyverno/kyverno) – Policy engine for managing security, compliance, and governance in cloud native environments using policy-as-code.
* [is-website-vulnerable v1.14.15](https://github.com/lirantal/is-website-vulnerable) – Detects publicly known security vulnerabilities in frontend JavaScript libraries of websites.
* [OAuth 2.0 Authorization Framework v2.0.19](https://github.com/ruby-oauth/oauth2) – RubyGem for implementing OAuth 2.0 clients with support for various authorization flows.
* [pompelmi v1.20.0](https://github.com/pompelmi/pompelmi) – Fast, private Node.js middleware for scanning file uploads with deep ZIP inspection and optional YARA integration.
* [KeyFinder v2.1.0](https://github.com/momenbasel/keyFinder) – Chrome extension that passively scans visited pages for leaked API keys, tokens, secrets, and credentials.
* [express-rate-limit v8.5.2](https://github.com/express-rate-limit/express-rate-limit) – Middleware for limiting repeated requests to public APIs and endpoints.
* [Cilium v1.19.4](https://github.com/cilium/cilium) – Networking, observability, and security solution with an eBPF-based dataplane.
* [CrowdSec v1.7.8](https://github.com/crowdsecurity/crowdsec) – Crowdsourced security solution for detecting and blocking malicious IPs.
* [vet v1.17.0](https://github.com/safedep/vet) – Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.
* [SpiceDB Operator v1.25.0](https://github.com/authzed/spicedb-operator) – Kubernetes operator that manages and scales SpiceDB clusters and automates datastore migrations.
* [KeeWeb Password Manager v1.18.9](https://github.com/keeweb/keeweb) – Cross-platform browser and desktop password manager opening and creating KeePass kdbx databases.
* [sigstore framework v1.10.8](https://github.com/sigstore/sigstore) – Common code library shared by Sigstore infrastructure and Go clients providing signing interfaces and OpenID Connect support.
* [Aguara v0.22.0](https://github.com/garagon/aguara) – Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.
* [Secure-Repo v1.12.2](https://github.com/step-security/secure-repo) – Automatically apply security best practices to GitHub Actions workflows, Dockerfiles, and dependency configurations.
* [Xalgorix v4.4.19](https://github.com/xalgord/xalgorix) – Autonomous AI-driven penetration testing platform that performs multi-mode scans, discovers zero-day vulnerabilities, and generates PDF reports with live dashboard alerts.
* [WebAuthn Library v0.17.4](https://github.com/go-webauthn/webauthn) – FIDO2-conformant passkey and authentication backend for Go applications.
* [StackRox Kubernetes Security Platform 4.9.7](https://github.com/stackrox/stackrox) – Kubernetes security platform performing container environment risk analysis, providing visibility, runtime alerts, and hardening recommendations.
* [Actions Up! v1.14.2](https://github.com/azat-io/actions-up) – CLI tool that scans workflows and updates GitHub Actions, pinning them to exact commit SHAs.
* [Snyk CLI v1.1305.0](https://github.com/snyk/cli) – Scans and monitors projects for security vulnerabilities in code, containers, dependencies, and infrastructure-as-code.
* [Powerpipe v1.5.2](https://github.com/turbot/powerpipe) – Visualize data sources and run compliance benchmarks for effective decision-making and ongoing monitoring.
* [go-tuf/v2 v2.4.2](https://github.com/theupdateframework/go-tuf) – Lightweight Go library for creating, signing, verifying, and managing secure software update metadata.
* [osctrl v0.5.2](https://github.com/jmpsec/osctrl) – Fast, efficient osquery management server implementing the osquery remote API as a TLS endpoint.
* [BoxLite v0.9.5](https://github.com/boxlite-ai/boxlite) – Lightweight VM substrate for running persistent, OCI-compatible container workspaces with hardware isolation and async-first APIs.
* [UTMStack v11.2.8](https://github.com/utmstack/UTMStack) – Enterprise-ready SIEM and XDR platform offering real-time log correlation, threat intelligence, and incident response.
* [GlobaLeaks v5.0.93](https://github.com/globaleaks/globaleaks-whistleblowing-software) – Whistleblowing software to easily set up and maintain a secure reporting platform.
* [socket-proxy 1.12.1](https://github.com/wollomatic/socket-proxy) – Lightweight secure-by-default Unix socket proxy offering regex-based method allowlists, IP-based access control, and a minimal Go-only image.
* [VICE v3.2.1](https://github.com/Webba-Creative-Technologies/vice) – Security auditing CLI for web applications supporting remote black-box scans and local white-box code audits.
* [Data security Stack for TypeScript @cipherstash/wizard@...](https://github.com/cipherstash/stack) – End-to-end field-level encryption for TypeScript apps with zero-knowledge key management and searchable encrypted queries.
* [sigstore-js @sigstore/mock@0.13....](https://github.com/sigstore/sigstore-js) – JavaScript libraries for interacting with Sigstore signing and verification services.
* [CipherStash Proxy v2.2.2](https://github.com/cipherstash/proxy) – Transparent searchable encryption for existing PostgreSQL databases without SQL changes.
* [AppArmor.d v0.4908.0](https://github.com/roddhjav/apparmor.d) – Set of over 1500 AppArmor profiles to confine core Linux system services, desktop environments, and user processes.
* [Greenmask v0.2.21](https://github.com/GreenmaskIO/greenmask) – Tool for database anonymization and synthetic data generation.
* [CoWork OS v0.5.48](https://github.com/CoWork-OS/CoWork-OS) – Security-first personal AI assistant runtime providing multi-provider model access and multi-channel messaging integrations with local-first data control.
* [JavaSecLab V1.5](https://github.com/whgojp/JavaSecLab) – Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis.
* [trdl v0.12.3](https://github.com/werf/trdl) – Secure software delivery system that publishes Git-based releases to a TUF repository and manages client updates.
* [react-native-sandbox v0.6.2](https://github.com/callstackincubator/react-native-sandbox) – Library for running multiple isolated React Native instances within a single application with safe communication.
* [Anchore Kubernetes Inventory v1.8.3](https://github.com/anchore/k8s-inventory) – Periodic Kubernetes API poller reporting containers, images, pods, nodes and namespaces currently in use.
* [gost v0.7.4](https://github.com/vulsio/gost) – Builds a local mirror of multiple security trackers and notifies watched CVEs of updates via email or Slack.
* [checkip v0.53.3](https://github.com/jreisinger/checkip) – CLI and Go library providing security and contextual information about IP addresses.
* [BlueHydra 1.9.21](https://github.com/ZeroChaos-/blue_hydra) – Bluetooth device discovery service built on BlueZ that tracks classic and LE devices and uses Ubertooth where available.
* [Tracecat 1.0.0-beta.49-rc.2](https://github.com/TracecatHQ/tracecat) – Modern automation platform for security and IT engineers with YAML templates, no-code workflows, lookup tables, and case management.
* [Wazuh Dashboard Plugins v4.14.6-rc1](https://github.com/wazuh/wazuh-dashboard-plugins) – Collection of plugins that extend the Wazuh dashboard with UI panels for security events, integrity, vulnerability, and compliance monitoring.
* [Shuffle Automation v2.2.2-rc1](https://github.com/Shuffle/Shuffle) – General-purpose security automation platform for security teams, offering workflow editor, OpenAPI-based app creation, and resource sharing.
* [OpenSSF Best Practices Badge sbom-production-2026...](https://github.com/coreinfrastructure/best-practices-badge) – Web-based badging system and criteria for assessing and encouraging best practices in FLOSS projects.
* [Vigolium v0.1.18-beta](https://github.com/vigolium/vigolium) – High-fidelity vulnerability scanner combining deterministic native scans and AI-driven agentic code audits.
* [Yaklang 1.4.7-beta7](https://github.com/yaklang/yaklang) – Cybersecurity-focused domain-specific programming language with a dedicated virtual machine and IDE support.