xeusnguyen.xyz

Search

Recent Notes

DueWeekly Tech: 02-02-2026 to 01-03-2026
Mar 01, 2026
Kubewekend Session Extra 4: Kind and Sandbox environment for GitLab CI
Mar 01, 2026
Awesome My Blogs
Mar 01, 2026

See 170 more →

❯

Tech Second Brain

❯

❯

Awesome DevSecOps

Awesome DevSecOps

Feb 02, 2026, 2 min read

#devsecops
#collections
#awesome
#usage

General

Repositories

awesome-devsecops: Curating the best DevSecOps resources and tooling 🌟 (Recommended)
dynamic-analysis: A curated list of dynamic analysis tools and linters
static-analysis: A curated list of static analysis (SAST) tools and linters 🌟 (Recommended)
awesome-iam: 👤 Identity and Access Management knowledge for cloud platforms 🌟 (Recommended)
OWASP - Free for Open Source Application Security Tools: the following lists of automated vulnerability detection tools that are free for open source projects have been gathered together here to raise awareness of their availability. 🌟 (Recommended)
Blog - The DevSec Blueprint: a comprehensive, free, and open-source learning guide designed to equip you with the essential skills and knowledge needed to transition into or grow your Cloud Security Development & DevSecOps career.
OWASP - Source Code Analysis Tools: The collections of SAST which organized by OWASP and community contribution

Technique

Outpost24 - What is best for application security testing: SAST, DAST, or SCA
Microsoft - Zero Trust DevSecOps
DoD - DoD Enterprise DevSecOps Source Diagrams - Diagram to visual the DevSevOps Enterprise Architecture of DoD CIO 🌟 (Recommended)

Technology

OWASP - DevSecOps Guideline 🌟 (Recommended)
Medium - Building end-to-end DevSecOps for AWS Migration: Security at Entry Level with open source SCA, SAST and DAST tools
Medium - Establishing an Enterprise-Ready DevSecOps CI/CD Pipeline on GitHub Actions on Google Cloud
AWS - Building an end-to-end Kubernetes-based DevSecOps software factory on AWS 🌟 (Recommended)

Stories

PlatformEngineering - Applying DevSecOps to Kubernetes
Wiz Security - Kubernetes DevSecOps

DevSecOps Tools

Source: OWASP DevSecOps Guideline

SAST

Sonarqube: An on-premise analysis tool designed to detect coding issues 🌟 (Recommended)
Sonar Rule: The collections of rule integrate into Sonarqube Server
trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more 🌟 (Recommended)
GitGuardian ggshield: a CLI application that runs in your local environment or in a CI environment to help you detect more than 500+ types of secrets. 🌟 (Recommended)

DAST

Nettacker : Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
nuclei : Fast and customizable vulnerability scanner based on simple YAML based DSL. Doc and Cloud Platform 🌟 (Recommended)
zaproxy : The ZAP core project 🌟 (Recommended)

Dependencies Check

DependencyCheck: a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

Graph View

General
Repositories
Technique
Technology
Stories
DevSecOps Tools
SAST
DAST
Dependencies Check

Backlinks

No backlinks found

Created with Quartz v4.2.2 © 2026

GitHub
Spiderum
HackMD
Viblo
Medium
Youtube
Twitter
Linkedin