I built securityheaders.io after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!
There are services out there that will analyse the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analyses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security-based headers across the web.
Passbolt is a free and open source password manager that allows team members to store and share credentials securely. Passbolt is free, open source and respectful of your privacy. It is also extensible thanks to its RESTful API. It's based on OpenPGP and has a Firefox extension.
A Hassle-Free Way to Self-Host Google Fonts
Concourse is a pipeline-based CI system written in Go.
Rather than a myriad of checkboxes, pipelines are defined as a single declarative config file, composing together just three core concepts.
As your project grows, your pipeline will grow with it, and remain understandable.
Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn's Agents create and consume events, propagating them along a directed graph. Think of it as a hackable Yahoo! Pipes plus IFTTT on your own server. You always know who has your data. You do.
Drone is an open source Continuous Delivery platform that automates your testing and release workflows. It is built on container technology. Every build is executed inside an ephemeral Docker container, giving developers complete control over their build environment with guaranteed isolation.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
WhatWeb identifies websites. Its goal is to answer the question, “What is that Website?”. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 900 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
Penetration Testing Linux OS containing tools to test the security of a system or a network.
Isolate your React UI Component development from the main app. Now you can develop and design React UI components without running your app. You just load your UI components into the React Storybook and start developing them.
This functionality allows you to develop UI components rapidly without worrying about the app. It will improve your team’s collaboration and feedback loop.
OpenRefine is a powerful tool for working with messy data: cleaning it; transforming it from one format into another; and extending it with web services and external data.
VersionPress is a free and open source version control plugin for WordPress built on Git. You can:
Undo changes
Create staging sites
Merge databases ← yes, really!
Simply update your sites with confidence.
Mailtrain is a self hosted newsletter application built on Node.js (v5+) and MySQL (v5.5+ or MariaDB). Mailtrain supports subscriber list management, list segmentation, custom fields, email templates, large CSV list import files, etc.