Please turn on your JavaScript for this page to function normally.
Terminal
Solving the problem of secrets sprawling in corporate codebases

GitGuardian announced the results of its report which extends its previous edition focused on public GitHub by depicting a realistic view of the state of secrets sprawl in …

Handshake
Contrast Security partners with GitHub to deliver pipeline-native security to developers

Contrast Security announced its partnership with GitHub and the availability of its suite of GitHub Actions, simplifying the process for developers to ensure the code they …

application security testing
GoTestWAF: Open-source project for evaluating web application security solutions

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was …

CasaOS
CasaOS: Open-source home cloud based on the Docker ecosystem

For parents and families, the thought of someone gaining access to sensitive information can be nothing short of a nightmare. However, one group of developers are on a mission …

xmgoat
XMGoat: Open-source pentesting tool for Azure

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within …

Kafdrop
Kafdrop flaw allows data from Kafka clusters to be exposed Internet-wide

Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than …

Acra
Acra: Open-source database protection with field-level encryption and intrusion detection

Cossack Labs updated its flagship open-source product Acra database security suite to version 0.90.0 and made many of its core security features previously available only for …

npm
GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts

GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …

Dependency Combobulator
Dependency Combobulator: Open source toolkit to combat dependency confusion attacks

Apiiro released Dependency Combobulator, a modular and extensible open source toolkit to detect and prevent dependency confusion attacks. The toolkit, available on GitHub, …

UA-Parser-js
Popular npm package hijacked, modified to deliver cryptominers

Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download. …

ThreatMapper
ThreatMapper: Open source platform for scanning runtime environments

Deepfence announced open source availability of ThreatMapper, a signature offering that automatically scans, maps and ranks application vulnerabilities across serverless, …

KuberLogic
KuberLogic open-source platform turns infrastructure into a managed PaaS

CloudLinux launched a new open-core project – KuberLogic – software that allows DevOps to set up scalable, self-healing PaaS on top of your Kubernetes cluster. Available on …

Don't miss

Cybersecurity news