GUAC aggregates software security metadata into a high fidelity graph database.

Fourth major version of the eXstensible STAMP Platform

Educational materials related to the STAMP safety analysis framework.

Open Source, Google Zanzibar-inspired database for scalably storing and querying fine-grained authorization data

Detect Tactics, Techniques & Combat Threats

An informational repo about hunting for adversaries in your IT environment.

Tfsec is now part of Trivy

Detect, track and alert on infrastructure drift

A curated list of OPA related tools, frameworks and articles

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernet…

The Z3 Theorem Prover

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.

Resilience engineering papers

AWS IAM linting library

Agile Threat Modeling Toolkit

🔎 Impossibly fast web search, made for static sites.

A high-performance HTTP benchmarking tool that includes a real-time web UI and terminal display

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.

A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE)

The Patterns of Scalable, Reliable, and Performant Large-Scale Systems

Supply-chain Levels for Software Artifacts

💡 An open source solution for publishing the status of your services

Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans…

Run virtual routers with docker

A behavioral analytics library that uses dom mutations and user interactions to generate aggregated insights.

Using network observability to operate and design healthier networks

A curated list for awesome GitOps resources

A supercharged version of paperless: scan, index and archive all your physical documents