Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
GitHub repository with 2,644 stars and 368 forks.
Language: Open Policy Agent
Topics: appsec, cloudnative, devsecops, golang, hacktoberfest, iac, infrastructure-as-code, open-policy-agent, security, security-tools
Trending score 0.03, activity score 0.02, stars gained +0, forks gained +0.
2026-06-02: 2,644 stars and 368 forks.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
GitHub repository with 2,644 stars and 368 forks.
Trending score: 0.03; stars gained: +0; forks gained: +0.
Language: Open Policy Agent
Topics: appsec, cloudnative, devsecops, golang, hacktoberfest, iac
Repository for Azure Resource Policy built-in definitions and samples
GitHub repository with 1,684 stars and 1,152 forks.
Trending score: 0.49; stars gained: +2; forks gained: +0.
Language: Open Policy Agent
Topics: azure, policy
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
GitHub repository with 2,644 stars and 368 forks.
Trending score: 0.03; stars gained: +0; forks gained: +0.
Language: Open Policy Agent
Topics: appsec, cloudnative, devsecops, golang, hacktoberfest, iac
Threat model for Amazon S3 - Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach
GitHub repository with 164 stars and 25 forks.
Trending score: 0.05.
Language: Open Policy Agent
The ZAP by Checkmarx Core project
GitHub repository with 15,218 stars and 2,563 forks.
Trending score: 1.82; stars gained: +8; forks gained: +0.
Language: Java
Topics: zap, zap-development, dast, appsec, zaproxy, security
Security-native LLM system for AI-generated application security.
GitHub repository with 179 stars and 52 forks.
Trending score: 1.39; stars gained: +27; forks gained: +12.
Language: Python
Topics: ai-security, appsec, code-security, llm, mcp, qlora
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
GitHub repository with 13,253 stars and 18,179 forks.
Trending score: 1.39; stars gained: +14; forks gained: +9.
Language: TypeScript
Topics: owasp, javascript, vulnerable, hacking, application-security, owasp-top-10
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.
GitHub repository with 589 stars and 62 forks.
Trending score: 0.98; stars gained: +7; forks gained: +0.
Language: Go
Topics: appsec, burp-suite-extension, chrome-extension, credential-scanner, devsecops, go
AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-loading, zero context pollution. Your AI red team.
GitHub repository with 301 stars and 57 forks.
Trending score: 0.51; stars gained: +2; forks gained: +0.
Language: TypeScript
Topics: ai, ai-agent, bug-bounty, cybersecurity, devsecops, ethical-hacking
OWASP VulnerableApp Project: Break it. Scan it. Reproduce it. Benchmark against it. Improve it.
GitHub repository with 414 stars and 700 forks.
Trending score: 0.49; stars gained: +2; forks gained: +2.
Language: Java
Topics: appsec, burpsuite, css, hacktoberfest, java, javascript