Search Results for "scanning"
Sort By:
Showing 116 open source projects for "scanning"
View related business solutions-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
1
Dockle
Container Image Linter for Security
Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start. You can install dockle with the asdf version manager with this plugin, which automates the process of installing (and switching between) various versions of github release binaries. With asdf already installed, run commands to install dockle. You can scan your built image with Dockle in Travis CI/CircleCI. Though, you can ignore the specified target checkpoints by using .dockleignore file. Or,... -
2
GitLab
Please open new issues in our issue tracker on GitLab
...It supports extensive automation via pipelines, runners, webhooks, and a comprehensive REST/GraphQL API, enabling complex workflows like canary deployments, feature flagging, and security scanning as part of merge request gates. -
3
Harness
Harness Open Source is an end-to-end developer platform
...It offers pipeline-as-code YAML definitions, AI-optimized builds, policy-driven governance, multi-environment deployment templates (canary, blue/green), and integrated security scanning. -
4
Bandit
Bandit is a tool designed to find common security issues in Python
Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report. Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA. -
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
5
Trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers
Trivy is the most popular open source security scanner, reliable, fast, and easy to use. Use Trivy to find vulnerabilities & IaC misconfigurations, SBOM discovery, Cloud scanning, Kubernetes security risks,and more. Trivy is praised by professionals from organizations worldwide. Are you a Trivy fan as well? We’d love to hear from you! Trivy detects vulnerabilities from a wide array of operating systems and programming languages, across different versions, and vulnerability sources. Detect common misconfigurations with Trivy, using the same familiar tool and workflow that you already have in place for vulnerabilities. ... -
6
Sysdig
Linux system exploration and troubleshooting tool
Continuously assess cloud security posture by flagging misconfigurations and suspicious activity. Consolidate container and host scanning in a single workflow. Automate scanning locally in your CI/CD tools without images leaving your environment and block vulnerabilities pre-deployment. Visualize all network communication across apps and services. Apply microsegmentation by automating Kubernetes-native network policies. Unify threat detection and incident response across containers, Kubernetes, and cloud with out-of-the-box Falco rules leveraging syscalls, Kubernetes audit logs and cloud logs. ... -
7
kube-bench
Checks whether Kubernetes is deployed
...Trivy, the all-in-one cloud-native security scanner, can be deployed as a Kubernetes Operator inside a cluster. Both, the Trivy CLI, and the Trivy Operator support CIS Kubernetes Benchmark scanning among several other features. There are multiple ways to run kube-bench. You can run kube-bench inside a pod, but it will need access to the host's PID namespace in order to check the running processes, as well as access to some directories on the host where config files and other files are stored. -
8
gosec
Golang security checker
...Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. You can integrate third-party code analysis tools with GitHub code scanning by uploading data as SARIF files. The workflow shows an example of running the gosec as a step in a GitHub action workflow that outputs the results.sarif file. The workflow then uploads the results.sarif file to GitHub using the upload-serif action. Gosec can be configured to only run a subset of rules, to exclude certain file paths, and produce reports in different formats. ... -
9
tfsec
Security scanner for your Terraform code
...Configurable (via CLI flags and/or config file). Very fast, capable of quickly scanning huge repositories. Plugins for popular IDEs available (JetBrains, VSCode and Vim). -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
10
ZXing
Barcode scanning library for Java, Android
ZXing or “Zebra Crossing” is an open source multi-format 1D/2D barcode image processing library that’s been implemented in Java, and also comes with ports to other languages. It currently supports the following formats: UPC-A and UPC-E EAN-8 and EAN-13 Code 39 Code 93 Code 128 ITF Codabar RSS-14 (all variants) RSS Expanded (most variants) QR Code Data Matrix Aztec ('beta' quality) PDF 417 ('alpha' quality) MaxiCode ZXing is made up of several modules, including a core... -
11
Chocolatey
Chocolatey - the package manager for Windows
...Chocolatey packages encapsulate everything required to manage a particular piece of software into one deployment artifact by wrapping installers, executables, zips, and/or scripts into a compiled package file. Package submissions go through a rigorous moderation review process, including automatic virus scanning. The community repository has a strict policy on malicious and pirated software. Many organizations face the ongoing challenge of deploying and supporting various versions of software. Chocolatey allows organizations to automate and simplify the management of their complex Windows environments. Our customers have experienced a massive reduction in effort, improved speed of deployment, high reliability, and comprehensive reporting. ... -
12
Harbor
An open source trusted cloud native registry project that stores
Harbor is an open-source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open-source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build-and-run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control... -
13
Rust Monero Library
The Rust Monero library published on crates.io
Library with support for de/serialization on block data structures and key/address generation and scanning related to Monero cryptocurrency. -
14
ruroco
A tool that lets you execute commands on a server
Ruroco is a tool that lets you execute commands on a server by sending UDP packets. The commands are configured on the server side, so the client does not define what is going to be executed, it only picks from existing commands. -
15
Gitleaks
Protect and discover secrets using Gitleaks
...Gitleaks-Action is our official GitHub Action. You can use it to automatically run a gitleaks scan on all your team's pull requests and commits, or run on-demand scans. If you are scanning repos that belong to a GitHub organization account, then you'll have to obtain a license. Gitleaks can be installed using Homebrew, Docker, or Go. Gitleaks is also available in binary form for many popular platforms and OS types on the releases page. In addition, Gitleaks can be implemented as a pre-commit hook directly in your repo or as a GitHub action using Gitleaks-Action. -
16
pikepdf
A Python library for reading and writing PDF, powered by QPDF
pikepdf is a Python library allowing the creation, manipulation, and repair of PDFs. It provides a Pythonic wrapper around the C++ PDF content transformation library, QPDF. Python + QPDF = “py” + “qpdf” = “pyqpdf”, which looks like a dyslexia test and is no fun to type. But say “pyqpdf” out loud, and it sounds like “pikepdf”. pikepdf is a library intended for developers who want to create, manipulate, parse, repair, and abuse the PDF format. It supports reading and write PDFs, including... -
17
OSS Review Toolkit
A suite of tools to automate software compliance checks
OSS Review Toolkit (ORT) is a suite of tools designed to automate the process of reviewing and ensuring compliance of open-source software dependencies. It assists in analyzing project dependencies, scanning for license information, and evaluating compliance with customizable policies. ORT supports integration into CI/CD pipelines, making it a valuable asset for organizations aiming to maintain open-source compliance at scale. -
18
Scapy
Scapy is a Python-based interactive packet manipulation program
...It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, wireshark, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining techniques (VLAN hopping+ARP cache poisoning, VoIP decoding on WEP protected channel, ...), etc. ... -
19
Semgrep
Lightweight static analysis for many languages
...Find and prevent security issues in Terraform, Docker, Kubernetes, nginx, and AWS configs before they go into production. Go beyond application code and protect the entire stack with a breadth of scanning capabilities. Don't leak secrets, scan every commit and ensure secrets don't make it to production. Protect the privileged CI/CD environment from malicious activity that could result in access to source code, secrets, and more. Run with registry rules or your own. Code is analyzed locally (not uploaded). Get results at ludicrous speed with diff-aware scans, review findings in MR and PR comments, and deploy Semgrep across your organization’s projects. ... -
20
Capslock
Tool to remap Caps Lock key behavior on Windows systems
Capslock is a command-line tool for analyzing the capabilities of Go packages to reveal what privileged operations their code and dependencies can perform. Rather than detecting vulnerabilities, Capslock focuses on identifying capabilities — permissions implied by calls to sensitive or privileged standard library functions, such as file system access, networking, or process control. By following transitive call graphs, it classifies which security-sensitive operations each package can reach,... -
21
WeakAuras
World of Warcraft addon that provides a powerful framework
WeakAuras is a powerful and flexible framework that allows the display of highly customizable graphics on World of Warcraft's user interface to indicate buffs, debuffs, and other relevant information. This addon was created to be a lightweight replacement for Power Auras but has since introduced more functionalities while remaining efficient and easy to use. An intuitive and powerful configuration interface. Custom textures including all textures from Power Auras and Blizzard's spell alerts.... -
22
KubeClarity
KubeClarity is a tool for detection and management of vulnerabilities
KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. It scans both runtime K8s clusters and CI/CD pipelines for enhanced software supply chain security. Effective vulnerability scanning requires an accurate Software Bill Of Materials (SBOM) detection. KubeClarity includes a CLI that can be run locally and especially useful for CI/CD pipelines. It allows to analyze images and directories to generate SBOM, and scan it for vulnerabilities. The results can be exported to KubeClarity backend. -
23
React Native Camera Kit
A high performance, easy to use, rock solid camera library
A high-performance, easy-to-use, rock-solid, camera library for React Native apps. A temporary file is created. You must move this file to a permanent location (e.g. the app's 'Documents' folder) if you need it beyond the current session of the app as it may be deleted when the user leaves the app. You can move files by using a file systems library such as react-native-fs or expo-filesystem. (On Android we currently have an unsupported output path prop but it's subject to change at any time). -
24
Tegon
Tegon is an open-source, AI-first alternative to Jira, Linear
Tegon is an AI-first, open-source issue-tracking software that uses AI to smartly automate manual tasks, and workflows or provide more context to engineers for a given task. Manual efforts in task management, such as task triaging and backlog maintenance, can be time-consuming. Engineers often lose time navigating multiple platforms to gather task context, rather than accessing details within the task itself. Issue tracking tools serve as a task database, directing engineers on what to work... -
25
Trivy Operator
Kubernetes-native security toolkit
The Trivy Operator leverages Trivy to continuously scan your Kubernetes cluster for security issues. The scans are summarised in security reports as Kubernetes Custom Resource Definitions, which become accessible through the Kubernetes API. The Operator does this by watching Kubernetes for state changes and automatically triggering security scans in response. For example, a vulnerability scan is initiated when a new Pod is created. This way, users can find and view the risks that relate to...
