Awesome DevSecOps

General

Repositories

• awesome-devsecops: Curating the best DevSecOps resources and tooling 🌟 (Recommended)
• dynamic-analysis: A curated list of dynamic analysis tools and linters
• static-analysis: A curated list of static analysis (SAST) tools and linters 🌟 (Recommended)
• awesome-iam: 👤 Identity and Access Management knowledge for cloud platforms 🌟 (Recommended)

Technique

• Deepfactor - Security Scanning Tools Defined: SAST, IaC, SCA, DAST, IAST/RASP, Container Runtime Security and Runtime SCA 🌟 (Recommended)
• Outpost24 - What is best for application security testing: SAST, DAST, or SCA
• Microsoft - Zero Trust DevSecOps

Technology

• OWASP - DevSecOps Guideline 🌟 (Recommended)
• Medium - Building end-to-end DevSecOps for AWS Migration: Security at Entry Level with open source SCA, SAST and DAST tools
• Medium - Establishing an Enterprise-Ready DevSecOps CI/CD Pipeline on GitHub Actions on Google Cloud
• AWS - Building an end-to-end Kubernetes-based DevSecOps software factory on AWS 🌟 (Recommended)

Stories

• PlatformEngineering - Applying DevSecOps to Kubernetes
• Wiz Security - Kubernetes DevSecOps

DevSecOps Tools

SAST

• Sonarqube: An on-premise analysis tool designed to detect coding issues 🌟 (Recommended)

  • Sonar Rule - The collections of rule integrate into Sonarqube Server

• trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more 🌟 (Recommended)

• GitGuardian ggshield: a CLI application that runs in your local environment or in a CI environment to help you detect more than 500+ types of secrets. 🌟 (Recommended)