RhinoSecurityLabs's cloudgoat environment could be a great addtion to your vulnerable targets list.
Link to repo: https://github.com/RhinoSecurityLabs/cloudgoat
Played with it myself a bit, and it's a great package with little to nothing monthly costs
OWASP Glue aims to ease the process of integrating exciting security tools into CI. I think it worth adding it - but I'm not sure under which tools category it should be.
I think it might be useful to have a section regarding vulnerability scanners; I'm not totally sure that any of them would fit into any of the existing categories (maybe in testing)? The tools I had in mind are the following:
I propose some could put the testing tools in categories for easier finding what fits your needs. For example some could categorize in native, web app and serverless. Plus categorizing in language, because the list now is quite long and if you only develop for example with ruby only you should walk through around 30 sources which is quite hard. If you agree with that I would like to do a pr.