Security covers repositories for testing, hardening, and monitoring the security of applications and infrastructure. This includes penetration testing tools (Metasploit, Nmap), web application scanners (OWASP ZAP), secrets management (HashiCorp Vault), identity and access management (Keycloak), and network analysis tools like Wireshark. It also covers libraries for authentication, encryption, and vulnerability scanning integrated directly into application code.
Tools in this tag generally serve one of two purposes: finding vulnerabilities or preventing them. Scanners and testing tools like OWASP ZAP and Nmap probe running systems for known weaknesses, misconfigurations, or open ports, and are typically run against staging environments or with explicit authorization rather than production systems without warning. Preventive tools, such as secrets managers and identity providers, get built directly into an application's infrastructure to reduce the attack surface in the first place, for example by centralizing credential storage instead of hardcoding secrets in configuration files.
Self-hosting security infrastructure like Vault or Keycloak gives full control over sensitive data such as secrets and user credentials, but also means the organization is responsible for keeping that infrastructure patched and monitored, since a vulnerability in the security tool itself is a high-value target.
For any security tool, checking the project's own vulnerability disclosure history and how quickly maintainers patch reported issues is a reasonable proxy for how seriously the project treats its own security posture.
Comparison points: