terrascan

Security scanner

Detects security vulnerabilities and compliance issues in infrastructure code before provisioning cloud-native infrastructure.

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

GitHub

5k stars
69 watching
500 forks
Language: Go
last commit: 11 days ago
Linked from 4 awesome lists

architectureawsaws-securityazure-securitycloud-securitycloudsecuritydevopsdevsecopsgcp-securityiacinfrastructureinfrastructure-as-codekubernetessastscanssecuritysecurity-toolssecurity-violationsterraformterrascan

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
aquasecurity/tfsec A tool for identifying potential misconfigurations in Terraform code during the software development process 6,722
tcosolutions/betterscan A toolchain that scans source code and infrastructure IaC for security risks and provides a unified report. 817
securityftw/cs-suite An automated tool suite to assess and improve cloud security across multiple platforms 1,144
legit-labs/legitify Automates vulnerability detection and remediation across GitHub and GitLab assets to strengthen software security posture. 774
checkmarx/kics A tool for detecting security vulnerabilities and compliance issues in infrastructure-as-code projects 2,099
bridgecrewio/checkov An automated tool for identifying security and compliance vulnerabilities in cloud infrastructure and software packages. 7,149
openscanner/xguardian A security scanner for OSX applications that detects URL scheme hijack, bundle ID hijack, and keychain hijack vulnerabilities. 41
deepfence/threatmapper An application protection platform that monitors and analyzes cloud-native applications for vulnerabilities and threats. 4,845
hxsecurity/terraformgoat A multi-cloud deployment tool designed to test and demonstrate the vulnerability of cloud infrastructure configurations 536
praetorian-inc/snowcat Automated tool to detect security vulnerabilities in Istio clusters by analyzing configuration and audit best practices 173
secdec/attack-surface-detector-burp Identifies web app endpoints and parameters to help detect vulnerabilities 98
zupit/horusec Identifies security flaws in software projects through static code analysis 1,149
awslabs/sustainability-scanner An open-source tool that evaluates AWS CloudFormation templates against sustainability best practices and generates reports with suggested improvements. 107
boostsecurityio/poutine Detects misconfigurations and vulnerabilities in software supply chains during build pipelines. 229
jupiterone/starbase Graph-based security analysis platform 337