An awesome list of OSS developer-first security tools
Updated May 15, 2025
An ongoing & curated collection of awesome software practices and remediation, libraries and frameworks, payloads and techniques, best guidelines and technical resources about Application Security
Application scanning component of OWASP PurpleTeam
TLS scanning component of OWASP PurpleTeam
Fleet AI Security Posture Management (AI-SPM): client agents on each developer machine score their AI coding agents' guard surfaces (Claude Code, Cursor, Codex, Gemini CLI — permissions, hooks, sandboxes, mcp.json) and ship hash-anchored events to a central server + your SIEM. Fleet-wide posture; measures, doesn't block. Rust.
Infrastructure as Code for SUTs
Server scanning component of OWASP PurpleTeam
Stage Two containers of OWASP PurpleTeam
AWS Lambda functions of OWASP PurpleTeam
How to identify, analyze, and report targeted phishing campaigns on GitHub — with real-world case studies and a step-by-step takedown workflow.
Security scanner for VSIX, MCP, AI IDEs, and developer workflow attack paths.
Instructions and materials to run the HIPSTER workshop
AI-powered vulnerability reporting platform that automates pentest report generation from raw findings into professional, client-ready deliverables.
Claude Code skill that hardens package manager configs against supply chain attacks. Run /harden once, it detects what you have and secures it.
Socket — supply chain security for npm/PyPI/Go and other open source ecosystems
Free application security, secure coding, AI security, and real-world incident learning resources.
Endpoint security for the AI developer — monitor what AI coding agents actually do on your machine.
8 Best AI Coding Agent Guard Surfaces 2026 – Sigil Hook & Sandbox Review
Secure GitHub accounts by spotting phishing, tracing social engineering, and handling malicious links with safe analysis and takedown steps