devsecops — independent software & tools
-
niro
Security that keeps up with your developers.
-
pentest-with-LLM
Automate authorized pentesting with LLMs, combining scanning, RAG, and exploit research for faster target analysis, vuln discovery, and reporting
-
AttackMap
AI-assisted defensive security analysis for codebases.
-
ai-harness
Enterprise AI Bootstrapping Harness
-
diffgate
Triage for AI-generated code review: grades each changed diff line green/yellow/orange by impact, so reviewers spend attention where it matters. High-signal, low-noise (0 false blocks), deterministic — in your coding agent (MCP), editor (VS Code), and CLI/CI.
-
pinprick
Pin your GitHub Actions. Prick holes in their supply chain security.
-
trustabl-action
GitHub Action that runs trustabl — static reliability/safety analyzer for AI agent SDKs (Claude, OpenAI, Google ADK, MCP). Gates CI on risk + severity.
-
trusca
Self-hosted, open-source SCA portal — vulnerability (CVE), license compliance, and SBOM management in one UI. Black Duck/Snyk-class capabilities, Apache-2.0.
-
opencode-anthropic-oauth
Restore Claude access in OpenCode with OAuth for Pro/Max logins, token refresh, and Anthropic model support
-
entropy-chaos
Test APIs by generating custom attack scenarios using large language models to uncover logic flaws beyond standard scanners.
-
agent-bom
AI supply-chain & cloud security scanner and self-hosted control plane — agents, MCP, packages, cloud estate, non-human identities, and LLM cost. SBOM/SARIF, graph attack-paths, runtime enforcement, and compliance evidence.
-
ci-cd
🚀 Streamline your development process with this CI/CD setup for Turborepo, featuring tools for type checking, linting, and code formatting.
-
sbomhub
日本市場向けオープンソースSBOM管理ダッシュボード / Open-source SBOM management dashboard with NVD/JVN vulnerability correlation, Japanese UI, and METI guidelines compliance