
Top open source security devtools you need to know about

Posted on Jun 10

Open source is great for many things, but in particular for security devtools. In this article, we'll look at some of the best open source security tools on GitHub that you can use to easily boost the security of your apps. This list of 5 tools was curated from the Open Source Security Index, which contains 100 different projects in total.

Oftentimes, security is not the first thing developers think about when developing their apps. In fact, speed and execution almost always take priority over good security practices. This sometimes goes unnoticed, but, increasingly often, we see even large companies like Uber, CircleCI, and Atlassian getting hacked.

Why is this so? Mostly because security tools have traditionally been very hard to set up and maintain, and they have required a lot of expertise from the engineer using them. But this is no longer true! The following is a list of 5 devtools that are changing this narrative.

GitHub: https://github.com/Infisical/infisical
Website: https://infisical.com/

Infisical is the youngest project on this list, and yet it's already #17. It is an open source end-to-end secret management platform. What does this mean? Infisical provides tools to distribute secrets and environment variables across your infrastructure (e.g., Vercel, AWS, GitHub Actions, CircleCI, etc.) and across your team (using a CLI or SDKs to automatically pull the environments with the latest secrets). In addition, it does automatic secret scanning and secret leak prevention.

GitHub: https://github.com/snyk/cli
Website: https://snyk.io/

Snyk CLI brings the functionality of Snyk into your development workflow. It can be run locally or in your CI/CD pipeline to scan your projects for security issues.
It supports many languages and tools, including Java, .NET, JavaScript, Python, Golang, PHP, C/C++, Ruby, Scala and more.

GitHub: https://github.com/kubeshark/kubeshark
Website: https://kubeshark.co/

Kubeshark is the API traffic analyzer for Kubernetes, providing real-time K8s protocol-level visibility by capturing and monitoring all traffic and payloads going in, out and across containers, pods, nodes and clusters. You can think of it as TCPDump and Wireshark re-invented for Kubernetes.

GitHub: https://github.com/supertokens/supertokens-core
Website: https://supertokens.com/

Supertokens is an open source alternative to Auth0, Firebase Auth, and AWS Cognito. Its architecture is optimized to add secure authentication for your users without compromising on user and developer experience. It is an end-to-end solution with login, sign-ups, and user and session management – and, most importantly, you can use it without all the complexities of OAuth protocols.

GitHub: https://github.com/metlo-labs/metlo
Website: https://www.metlo.com/

Metlo allows you to find API vulnerabilities before they make it into production. It scans your mirrored network traffic to create a catalog of all your APIs, even the undocumented, legacy, and shadow APIs. After that, each endpoint is scanned for sensitive data and given a risk score.

In addition, Metlo alerts you as soon as anomalous API usage patterns are detected and gives you full context around any attack to help quickly fix the vulnerability.

As we have seen, each of the above tools provides an (almost) automatic way to make sure that your apps are as secure as possible – thereby making your users safe. Everyone can benefit from trying and learning about these tools, no matter how experienced you are.
The fact that these projects are open source provides a unique advantage because every developer can try them out, while at the same time they are much easier for large enterprises to adopt – given how stringent their security and compliance policies may be.

Please add a comment if you think some other open source security devtools should be on this list but were missed. Looking forward to the discussion!



This post first appeared on VedVyas Articles.
