Skip to content

northwood-labs/devsec-tools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
.githooks
.githooks
 
 
.github
.github
 
 
.vscode
.vscode
 
 
cmd
cmd
 
 
deploy @ 165ce5a
deploy @ 165ce5a
 
 
docs
docs
 
 
internal
internal
 
 
localdev
localdev
 
 
pkg
pkg
 
 
.dcignore
.dcignore
 
 
.ecrc
.ecrc
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
.golangci.yml
.golangci.yml
 
 
.gommit.toml
.gommit.toml
 
 
.hadolint.yml
.hadolint.yml
 
 
.licensei.toml
.licensei.toml
 
 
.mailmap
.mailmap
 
 
.markdownlint.base.jsonc
.markdownlint.base.jsonc
 
 
.markdownlint.jsonc
.markdownlint.jsonc
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.style.yapf
.style.yapf
 
 
.taplo.toml
.taplo.toml
 
 
.trivyignore
.trivyignore
 
 
.yamlfmt.yaml
.yamlfmt.yaml
 
 
Brewfile
Brewfile
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
COVERAGE.md
COVERAGE.md
 
 
LICENSE.txt
LICENSE.txt
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
cliff.toml
cliff.toml
 
 
ecrc.toml
ecrc.toml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
go.tools.mod
go.tools.mod
 
 
go.tools.sum
go.tools.sum
 
 
main.go
main.go
 
 
openapi.json
openapi.json
 
 
poetry.lock
poetry.lock
 
 
pyproject.toml
pyproject.toml
 
 
standard.mk
standard.mk
 
 
trivy-license.yaml
trivy-license.yaml
 
 
trivy-vuln.yaml
trivy-vuln.yaml
 
 
unit-coverage.png
unit-coverage.png
 
 
unit-coverage.svg
unit-coverage.svg
 
 

Repository files navigation

DevSec Tools

DevSec Tools is a suite of tools that are useful for DevSecOps workflows. Its goal is to simplify and streamline the process of developing, securing, and operating software and systems for the web.

This package provides both lower-level Go libraries, as well as a CLI tool for running security scans. It is the CLI equivalent to devsec.tools.

CLI usage

devsec-tools --help

Check supported HTTP versions for a domain

Tip

If you do not provide a scheme, devsec-tools will assume https:. If you explicitly want to test http:, you should specify that in the domain name.

devsec-tools http --help
devsec-tools http apple.com
devsec-tools http http://localhost:8080

Check supported TLS versions and cipher suites for a domain

devsec-tools tls --help
devsec-tools tls google.com

Modes

CLI

When installed locally, devsec-tools will run in CLI-mode and operate just like any other CLI tool.

Lambda

When deployed to an AWS Lambda environment, devsec-tools will run in Lambda-mode and will look for events received from endpoints via Amazon API Gateway v2.

Other?

In the future we may add more modes, depending on support from cloud serverless providers.

We are also planning to investigate the feasibility of WASM/WASI compatibility, as well as compatibility with TinyGo.

Documentation

More thorough documentation can be found in the ./docs/ directory of this repository.

About

Tools that are useful for DevSecOps workflows.

Topics

go docker cli golang dockerfile sha256 golang-library sha256-hash github-actions

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Contributors

Languages