Latest Updates

The most recently updated tools in our directory.

zizmor

zizmor

DevSecOps & Pipeline Security

A static analysis tool for GitHub Actions that identifies common security issues in CI/CD setups.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
WebVM

WebVM

Infrastructure Security & Hardening

Virtual Machine for the Web

Multi-Cloud
Open Source
Self Hosted Only
Vuls

Vuls

Vulnerability Management

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Velociraptor

Velociraptor

Incident Response & Forensics

A powerful tool for endpoint visibility and incident response, leveraging the Velociraptor Query Language (VQL) for customizable data collection.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Trivy

Trivy

Vulnerability Management

A security scanning solution for cloud and containerized environments.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Timesketch

Timesketch

Incident Response & Forensics

Collaborative forensic timeline analysis

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Tracee

Tracee

Incident Response & Forensics

A runtime security and forensics tool for Linux environments leveraging eBPF technology.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
TheHive

TheHive

Archived
Incident Response & Forensics

A scalable, open-source security incident response platform that integrates case management, task assignment, and collaboration tools.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Terrascan

Terrascan

Archived
DevSecOps & Pipeline Security

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
tfsec

tfsec

DevSecOps & Pipeline Security

A security scanner for Terraform configurations that identifies potential vulnerabilities through static analysis.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Teller

Teller

Secrets Management

Cloud native secrets management for developers - never leave your command line for secrets.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Syft

Syft

Supply Chain Security

A CLI tool and Go library for generating Software Bill of Materials (SBOMs) from container images and filesystems.

Multi-Cloud
Open Source
Self Hosted Only
Stratus Red Team

Stratus Red Team

Threat Detection & Response

Granular, Actionable Adversary Emulation for the Cloud

Multi-Cloud
Open Source
Self Hosted Only
Snyk CLI

Snyk CLI

Vulnerability Management

Snyk CLI scans and monitors your projects for security vulnerabilities.

Multi-Cloud
Open Source
Self Hosted + Cloud Options
SOPS

SOPS

Secrets Management

Simple and flexible tool for managing secrets

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Sn1per

Sn1per

Penetration Testing Tools

Attack Surface Management Platform

Multi-Cloud
Open Source
Self Hosted + Cloud Options
SkyArk

SkyArk

Identity & Access Management

SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

Multi-Cloud
Open Source
Self Hosted Only
Scout Suite

Scout Suite

Security Assessment & Audit

Multi-Cloud Security Auditing Tool

Multi-Cloud
Open Source
Self Hosted + Cloud Options
S3Scanner

S3Scanner

Penetration Testing Tools

Scan for misconfigured S3 buckets across S3-compatible APIs!

Multi-Cloud
Open Source
Self Hosted + Cloud Options
Rekor

Rekor

Supply Chain Security

Software Supply Chain Transparency Log