Open highlighted repo slot
Put your repository first
Promote a GitHub repo at the top of Awesome repository list views for 7 days.
GitHub projects from awesome lists
Search names, descriptions, topics, tags, and stacks, then tune results by ecosystem, freshness, health, and cross-list signal.
Open highlighted repo slot
Promote a GitHub repo at the top of Awesome repository list views for 7 days.
In-depth attack surface mapping and asset discovery
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.
Open-Source Unified Vulnerability Management, DevSecOps & ASPM
Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks.
The OWASP Developer Guide
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server
Damn Vulnerable NodeJS Application
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Host and manage multiple Juice Shop instances for security trainings and Capture The Flags
A simple web app that helps developers understand the ASVS requirements. Now supporting ASVS 5.0
OWASP Foundation web repository
Security infrastructure your AI can't be — deterministic, daily CVE intel past your model's training cutoff, whole-repo-aware, author-independent, and shift-left: secure_prompt secures the prompt before code generation. The security MCP for vibe coding: 450 rules, 39 tools, CLI + doctor for Next.js, Supabase, Clerk, Stripe, Prisma, Hono & MCP.