scanning
Secret scanning detects Base64-encoded GitHub tokens - GitHub Changelog
https://github.blog/changelog/2025-02-14-secret-scanning-detects-base64-encoded-github-tokens/
GitHub continually updates its detectors for secret scanning with new patterns and upgrades of existing patterns, ensuring your repositories have comprehensive detection for different secret types. GitHub now automatically detects…
Added 1 month ago
Nuclei: Open-source vulnerability scanner - Help Net Security
https://www.helpnetsecurity.com/2024/08/26/nuclei-open-source-vulnerability-scanner/
Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be
Added 1 month ago
Security overview dashboards secret scanning metrics and enablement trends
https://github.blog/changelog/2024-07-19-security-overview-dashboards-secret-scanning-metrics-and-enablement-trends-reports-are-now-generally-available/
Today, we’re excited to announce the general availability of our new organization and enterprise-level security overview dashboards, alongside enhanced secret scanning metrics and the enablement trends reports. These features are…
Added 1 month ago
OXO vulnerability scanning orchestrator for the modern age
https://oxo.ostorlab.co/
OXO is a vulnerability scanning orchestrator that automatically binds tools together allowing for rapid scale.
Added 1 month ago
Google Online Security Blog: Announcing OSV-Scanner: Vulnerability Scanner
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html
Added 1 month ago
Free: Dastardly from Burp Suite | Blog - PortSwigger
https://portswigger.net/blog/free-dastardly-from-burp-suite
Introducing Dastardly - a free, lightweight web application security scanner for your CI/CD pipeline, from the makers of Burp Suite. Secure web development ain't easy. Ensuring your code is written sec
Added 1 month ago
prowler-cloud/prowler
https://github.com/prowler-cloud/prowler
Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, ENS and more.
Added 1 month ago
https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/?s=09
Added 1 month ago
How to build a CI/CD pipeline for container vulnerability scanning with Tri
https://aws.amazon.com/blogs/security/how-to-build-ci-cd-pipeline-container-vulnerability-scanning-trivy-and-aws-security-hub/
In this post, I’ll show you how to build a continuous integration and continuous delivery (CI/CD) pipeline using AWS Developer Tools, as well as Aqua Security’s open source container vulnerability scanner, Trivy. You’ll build two Docker images, one with vulnerabilities and one without, to learn the capabilities of Trivy and how to send all vulnerability […]
Added 1 month ago
checkov
https://www.checkov.io/
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
Broken
OpenVAS - OpenVAS - Open Vulnerability Assessment System
http://www.openvas.org/
Added 1 month ago