# Tool ## Certification - [SecureNavi](https://secure-navi.jp/) ## CSPM - [CloudSploit](https://github.com/aquasecurity/cloudsploit) ## Dependency - [octovy](https://github.com/m-mizutani/octovy) - scanner(trivy) - [trivy](https://github.com/aquasecurity/trivy) - [コンテナï¼Kubernetesã®è„†å¼±æ€§ã€æ©Ÿå¯†æƒ…å ±ã€è¨å®šé–“é•ã„ãŒåˆ†ã‹ã‚‹OSS「Trivyã€å¾¹åº•è§£èª¬ï½žã‚‚ã†ã‚¤ãƒ¡ãƒ¼ã‚¸ã‚¹ã‚ャンã ã‘ã¨ã¯è¨€ã‚ã›ãªã„](https://atmarkit.itmedia.co.jp/ait/articles/2206/24/news011.html) - [vuls](https://github.com/future-architect/vuls) - [dependency track](https://dependencytrack.org/) - [bundler-audit](https://github.com/rubysec/bundler-audit) - [OSV-Scanner](https://github.com/google/osv-scanner) ## Docker - [Docker Bench for Security](https://github.com/docker/docker-bench-security) ## ImageMagick - [ImageMagick Security Policy Scanner](https://imagemagick-secevaluator.doyensec.com/) ## Open Source Health Check - [snyk Advisor](https://snyk.io/advisor/) - [Deadpendency](https://deadpendency.com/) - [Socket](https://socket.dev/) ## SAST - [GitHub Workflow Auditor](https://github.com/tindersec/gh-workflow-auditor) - [mobsfscan](https://github.com/MobSF/mobsfscan) ## DAST - [Aeyescan](https://www.aeyescan.jp/) - [Burp Suite](https://portswigger.net/burp) - [OWASP ZAP](https://www.zaproxy.org/) - [STACKHAWK](https://www.stackhawk.com/) ## Secret Scan - [GitGuardian](https://www.gitguardian.com/) - [gitleaks](https://github.com/zricethezav/gitleaks) - [TruffleHog](https://github.com/trufflesecurity/trufflehog) ## SBOM - [SBOM Tool](https://github.com/microsoft/sbom-tool) ## Multiple Feature - [Detectify](https://detectify.com/) - [Shisho](https://shisho.dev/) - [Snyk](https://snyk.io/) - [DefectDojo](https://github.com/DefectDojo/django-DefectDojo) - [S4](https://s-4.jp/service) - [yamory](https://yamory.io/) ## Countermeasures against misconfiguration - [Cloudbase](https://cloudbase.ink/) - [CloudHealth Secure State](https://cloudhealth.vmware.com/jp/products/cloudhealth-secure-state.html) ## Find more - [OSS Insight Security Tool - Ranking](https://ossinsight.io/collections/security-tool/) ## Other - [Monad](https://www.monad.security/)