5 open source security tools too good to ignore

Look to these clever open source tools to keep secrets out of source code, identify malicious files, block malicious processes, and keep endpoints safe


Open source is a wonderful thing. A significant chunk of today’s enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that’s changing. 

If you haven’t been looking to open source to help address your security needs, it’s a shame—you’re missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. 

Open source has always been a rich source of tools for security professionals—Metasploit, the open source penetration testing framework, is perhaps the best-known—but information security is not restricted to the realm of researchers, investigators, and analysts, and neither are the five open source security tools we survey below. IT administrators and software developers have a key role to play, and with these five tools, they can make a difference. 

Commit Watcher: Check code repos for secrets

Secrets don’t belong in open source repositories, but that doesn’t stop absentminded developers from storing them there. We’ve all read the reports of people accidentally exposing private Amazon Web Services keys, hard-coded passwords, or API tokens by uploading them to GitHub or other code repositories.

To combat this, SourceClear came up with Commit Watcher, a free open source tool that looks for potentially hazardous commits in public and private Git repositories. Developers and administrators alike can use Commit Watcher in two ways: to monitor their own projects for accidental credential disclosures, and to watch the public projects they depend on for signs of trouble. For example, when a public project is updated with a commit such as “fixes XSS attack,” Commit Watcher notifies the developer who uses it so they can pull in the newer version of the dependency.
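The two checks described above, leaked credentials in added lines and security-fix wording in commit messages, are straightforward to express as pattern rules over commit data. The following script is an added illustration and is not Commit Watcher's own code; the `Commit` record, the rule names and the sample commits are all constructed for this example, and the AWS access key ID is the placeholder value from AWS's own documentation. It scans a list of commits offline and reports each hit with the matched secret redacted, which is how a defender would want such output to look in a notification.

```python
import re
from dataclasses import dataclass
from typing import List

# Rules for secrets showing up in lines a commit adds. Constructed for this
# example; the AWS access-key-ID shape (AKIA + 16 upper-case alphanumerics)
# is the publicly documented format.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Assignment of a quoted literal to something named like a password.
    "hardcoded_password": re.compile(
        r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{6,}['\"]"),
    "bearer_token": re.compile(
        r"(?i)\bauthorization:\s*bearer\s+[A-Za-z0-9\-._~+/]{20,}"),
}

# Commit-message wording that suggests a dependency just shipped a security fix,
# e.g. "fixes XSS attack" or "patch CVE-2017-0001 in parser".
SECURITY_FIX_KEYWORDS = re.compile(
    r"(?i)\b(fix(?:es|ed)?|patch(?:es|ed)?)\b.*"
    r"\b(xss|csrf|injection|overflow|cve-\d{4}-\d{4,})\b")


@dataclass
class Commit:
    sha: str
    message: str
    added_lines: List[str]  # the '+' lines of the commit's diff


@dataclass
class Finding:
    sha: str
    kind: str
    detail: str


def redact(secret: str) -> str:
    """Keep a short prefix/suffix so the owner can recognise the value
    without the notification itself re-leaking it."""
    if len(secret) <= 8:
        return "*" * len(secret)
    return secret[:4] + "*" * (len(secret) - 6) + secret[-2:]


def scan_commit(commit: Commit) -> List[Finding]:
    """Apply the message rule and the per-line secret rules to one commit."""
    findings = []
    if SECURITY_FIX_KEYWORDS.search(commit.message):
        findings.append(Finding(commit.sha, "security_fix", commit.message.strip()))
    for lineno, line in enumerate(commit.added_lines, 1):
        for name, pattern in SECRET_PATTERNS.items():
            match = pattern.search(line)
            if match:
                findings.append(
                    Finding(commit.sha, name, f"line {lineno}: {redact(match.group(0))}"))
    return findings


def scan_commits(commits: List[Commit]) -> List[Finding]:
    findings = []
    for commit in commits:
        findings.extend(scan_commit(commit))
    return findings


# Constructed sample history: one leaked key, one upstream security fix,
# one hard-coded password, one harmless change.
SAMPLE_COMMITS = [
    Commit("a1b2c3", "Add S3 upload helper",
           ['AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"', 'bucket = "uploads"']),
    Commit("d4e5f6", "fixes XSS attack in comment renderer",
           ["escaped = html.escape(comment)"]),
    Commit("0a9b8c", "Refactor config loader",
           ['db_password = "s3cr3t-passw0rd"', "timeout = 30"]),
    Commit("ffeedd", "Update README", ["See CONTRIBUTING.md"]),
]

if __name__ == "__main__":
    for finding in scan_commits(SAMPLE_COMMITS):
        print(f"{finding.sha} {finding.kind}: {finding.detail}")
```

Feeding real history into this is a matter of replacing `SAMPLE_COMMITS` with records built from `git log -p` output; the rules themselves stay the same whether the repository is your own (look at the secret findings) or a dependency you track (look at the `security_fix` findings).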
