Security Assessment Tools
https://github.com/microsoft/AttackSurfaceAnalyzer
https://www.open-scap.org/
,
oscap
tool does local system security checks
oscap manual
https://github.com/Yelp/detect-secrets
, detect secrets in config and source code files