Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-devsecops_ru
Подборка выступлений и публикаций на тему DevSecOps на русском и не только)
https://github.com/devops-ru/awesome-devsecops_ru
- Управление секретами при помощи Hashicorp Vault // Сергей Носков, Avito - Moscow-in-Russian/), [слайды](https://speakerdeck.com/devopsmoscow/upravlieniie-siekrietami-v-avito-pri-pomoshchi-hashicorp-vault)
- Управление секретами при помощи Hashicorp Vault в Авито / Сергей Носков (Авито) (DevOpsConf Russia 2018)
- Страх и ненависть DevSecOps // Шабалин Юрий, Swordfish Security - Moscow-in-Russian/), [слайды](https://speakerdeck.com/devopsmoscow/strakh-i-nienavist-devsecops)
- Security Compliance & DevOps // Степан Носов, IPONWEB - Moscow-in-Russian/), [слайды](https://speakerdeck.com/devopsmoscow/security-compliance-and-devops)
- Безопасность в Kubernetes (Дмитрий Лазаренко, Mail.Ru Cloud Solutions) / ♥ Kubernetes meetup
- Practical steps for securing your container deployment, Liz Rice, Aqua Security
- Modern security with microservices and the cloud, Seth Vargo, Google
- Мониторинг безопасности сайтов / Григорий Земсков (Ревизиум) (РИТ++2018, RootConf)
- Enabling shift-left for 12k banking developers from scratch (DevSecCon London 2018)
- Maginot Line - 6 Common AppSec Anti-Patterns Preventing your Success (DevSecCon Singapore 2018)
- Безопасность internal сервисов, Всеволод Поляков
- 1 - guide-to-automating-hashicorp-vault-2-authenticating-with-instance-metadata-c3f9eaeaba53), [3](https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-3-authenticating-with-an-iam-user-or-role-a3203a3ee088)
- TLDR Безопасность разработки в Agile проектах
- What Your Kubernetes Security Checklist Might Be Missing by Jim Bugwadia from Nirmata
- A continuation of devops: policy as code by Gareth Rushgrove, QCon London 2019
- CONTINUOUS SECURITY IN THE DEVOPS WORLD by JULIEN VEHENT from MOZILLA SECURITY
- Саммари “Unit Testing Your Kubernetes Configurations Using Open Policy Agent — Gareth Rushgrove”, KubeCon + CloudNativeCon Europe 2019
- Software Security Field Guide for the Bewildered от Ian Miell
- The Path Less Traveled: Abusing Kubernetes Defaults, Black Hat USA 2019
- Безопасность Docker
- Обзор утилит безопасности Docker
- Способы и примеры внедрения утилит для проверки безопасности Docker
- Репозиторий с примерами из статей
- Платформа для изучения HashiCorp Vaut
- Крутая подборка небольших описаний методологий разработки
- Security in Google Cloud Platform Specialization (Coursera)
- Безопасность разработки в Agile проектах
- The Early Security Engineer’s First 90 Days Checklist
- AWS Security Best Practices
- 10 Docker Image Security Best Practices
- AWS re:Invent 2017: Making the Shift from DevOps to Practical DevSecOps (ABD337)
- DevOps and Cyber Security in AWS (DevSecOps)
- 8 Google Cloud Security Best Practices
- A Security Practitioners Guide to Best Practice GCP Security (Cloud Next '18)
- Best Practices for Privacy and Security in GCE (Cloud Next '19)
- Linux logs data sources (for Information Security purposes). Links to appropriate Splunk Apps are available as well - abdullin-11010635/)
- DevSec Hardening Framework
- Secure DevOps Practices poster
Programming Languages