From 4d1c27d9234e4d49afa38c720b2c7f929d16b986 Mon Sep 17 00:00:00 2001 From: Mads Jensen Date: Thu, 17 Jun 2021 15:33:06 +0200 Subject: [PATCH] Add tfsec to development section --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d54d83a..37a3b55 100644 --- a/README.md +++ b/README.md @@ -296,6 +296,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [OWASP ZAP Node API](https://github.com/zaproxy/zap-api-nodejs) - Leverage the OWASP Zed Attack Proxy (ZAP) within your NodeJS applications with this official API. - [GuardRails](https://github.com/apps/guardrails) - A GitHub App that provides security feedback in Pull Requests. - [Checkov](https://github.com/bridgecrewio/checkov/) - A static analysis tool for infrastucture as code (Terraform). +- [TFSec](https://github.com/tfsec/tfsec/) - A static analysis tool for infrastucture as code (Terraform). - [KICS](https://github.com/Checkmarx/kics) - Scans IaC projects for security vulnerabilities, compliance issues, and infrastructure misconfiguration. Currently working with Terraform projects, Kubernetes manifests, Dockerfiles, AWS CloudFormation Templates, and Ansible playbooks. - [Insider CLI](https://github.com/insidersec/insider) - A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js). @@ -327,7 +328,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Securing DevOps](https://manning.com/books/securing-devops) - A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure. - [ansible-os-hardening](https://github.com/dev-sec/ansible-os-hardening) - Ansible role for OS hardening - [bunkerized-nginx](https://github.com/bunkerity/bunkerized-nginx) - nginx Docker image secure by default -- [Trivy](https://github.com/aquasecurity/trivy) - A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI. +- [Trivy](https://github.com/aquasecurity/trivy) - A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI. ## Operating Systems @@ -335,7 +336,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Qubes OS](https://www.qubes-os.org/) - Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing. - [Whonix](https://www.whonix.org) - Operating System designed for anonymity. -- [Tails OS](https://tails.boum.org/) - Tails is a portable operating system that protects against surveillance and censorship. +- [Tails OS](https://tails.boum.org/) - Tails is a portable operating system that protects against surveillance and censorship. ### Online resources @@ -405,7 +406,7 @@ Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technolog - [Awesome Crypto Papers](https://github.com/pFarb/awesome-crypto-papers) - A curated list of cryptography papers, articles, tutorials and howtos. - [Awesome Shodan Search Queries](https://github.com/jakejarvis/awesome-shodan-queries) - A collection of interesting, funny, and depressing search queries to plug into Shodan.io. - [Awesome Anti Forensics](https://github.com/remiflavien1/awesome-anti-forensic) - A collection of awesome tools used to counter forensics activities. -- [Awesome Security Talks & Videos](https://github.com/PaulSec/awesome-sec-talks) - A curated list of awesome security talks, organized by year and then conference. +- [Awesome Security Talks & Videos](https://github.com/PaulSec/awesome-sec-talks) - A curated list of awesome security talks, organized by year and then conference. ### Other Common Awesome Lists