awesome-devsecops

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
https://github.com/devsecops/awesome-devsecops

Last synced: about 19 hours ago
JSON representation

Initiatives
- OpenDevSecOps
- Rugged DevOps
- DevOps and Audit Resources
- DevSecOps
- OpenDevSecOps
- Rugged DevOps
- DevSecOps
- AWS Labs
Wardley Maps for Security
- Check out Figure 6 for Comparisons
- Introduction to Wardley Maps
- Security Industry Example
- SOC Value Chain & Delivery Models
- Check out Figure 6 for Comparisons
- Introduction to Wardley Maps
- Security Industry Example
- SOC Value Chain & Delivery Models
- DevSecOps Repo for Security Maps
Conferences
- AWS re:Invent
- DevSecCon
- DevOps Days
- Goto Conference
- IP Expo
- ISACA Ireland
- DevOps Connect
- DevOps Days
- IP Expo
- ISACA Ireland
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- DevOps Connect
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- DevOps Connect
- Goto Conference
- AWS re:Inforce
- RSA Conference
- All Day DevOps
Podcasts
- Defensive Security Podcast
- Risky Business
- Software Engineering Radio
- Tenable Security Podcast
- The Secure Developer
- Trusted Sec Podcast
- DevOps Cafe
- Food Fight Show
- Software Engineering Radio
- Take 1 Security Podcast
- Tenable Security Podcast
- The Secure Developer
- Take 1 Security Podcast
- DevOps Cafe
- Food Fight Show
- Arrested DevOps
- Down The Security Rabbithole
Books
- Securing DevOps
- The DevOps Handbook (Section VI)
- DevOpsSec
- Docker Securitiy - Quick Reference
- Holistic Info-Sec for Web Developers
Hunting
- OSSEC
- Mirador
- osquery
- GRR
- kube-hunter
- mig
- moloch
- MozDef
- osxcollector
Testing
- Brakeman
- Chef Inspec
- Contrast Security
- Cohesion
- Infer
- npm-outdated
- SourceClear
- Contrast Security
- David
- Gauntlt
- Hakiri
- IronWASP
- Lynis
- Node Security Platform
- npm-outdated
- OWASP OWTF
- RIPS
- SourceClear
- IronWASP
- Checkov
- Deepfence ThreatMapper
- Gauntlt
- Hakiri
- HusckyCI
- IronWASP
- kube-bench
- microscanner
- OSS Fuzz
- OWASP ZAP Node API
- Progpilot
- RetireJS
- RIPS
- npm-check
- OWASP ZAP
- ShiftLeft Scan
Alerting
- 411
- Elastalert
Threat Intelligence
- IBM X-Force
- OpenTPX
- Alien Vault OTX
- IBM X-Force
- OpenTPX
- Passive Total
- IntelMQ Feeds
- Passive Total
- STIX, TAXII
- Critical Stack
- Threat Connect
Attack Modeling
- CAPEC
- SDL Threat Modeling Tool
- Threat Risk Modeling
- CAPEC
- Larry Osterman's Threat Modeling
- Threat Risk Modeling
- SeaSponge
- SeaSponge
- IriusRisk
Secret Management
- Keybase
- Vault
- BlackBox
- Conjur
- CredStash
- Git Secrets
- Sops
- Transcrypt
- Vault
Sharing
- Speaker Deck
Guidelines
- Introduction to DevSecOps - DZone Refcard
- Introduction to security testing and tools
- Security Champions Playbook
- Security Guide for Web Developers
- A practical guide to build DAST with OWASP Zap
- DevSecOps Hub
Presentations
- DevSecOps: Taking a DevOps Approach to Security
- Mozilla's Test Driven Security in Continuous Integration
- DevSecOps: Taking a DevOps Approach to Security
- Security DevOps - staying secure in agile projects
- Veracode's Defending the Cloud from a Full Stack Hack
- Put Your Robots to Work: Security Automation at Twitter
- The Three Faces of DevSecOps
Keeping Informed
- Azure Security
- AWS Security
- Security Newsletter
- SRE Weekly
Labs
- Infoseclabs
- Pentester Lab
- Infoseclabs
- Infoseclabs
- DevSecOps Bootcamp
- Infrastructure Monitoring
- Pentester Lab
- Vulnhub
Vulnerable Test Targets
- Metasploitable
- Mutillidae
- Damn Vulnerable Web Application
- LambHack
- Mutillidae
- NodeGoat
- OWASP Damn Vulnerable Serverless Application (DVSA)
- OWASP Juice Shop
- RailsGoat
- WebGoat
- WebGoat.Net
- WebGoatPHP
Red Team
- EyeWitness
- Hound
Dashboards
- Kibana
Automation
- Demisto
- StackStorm
- Insider CLI
Visualization
- ShadowBuster
- Wazuh
ChatOps
- HipChat
- MatterMost

Programming Languages

Python 8 Go 7 Shell 5 JavaScript 4 PHP 3 Ruby 2 HTML 2 TypeScript 1 Dockerfile 1

Categories

Conferences 53 Testing 35 Podcasts 17 Vulnerable Test Targets 12 Threat Intelligence 11 Attack Modeling 9 Wardley Maps for Security 9 Secret Management 9 Hunting 9 Initiatives 8 Labs 8 Presentations 7 Guidelines 6 Books 5 Keeping Informed 4 Automation 3 Visualization 2 Red Team 2 ChatOps 2 Alerting 2 Sharing 1 Dashboards 1

Sub Categories

Keywords

security 7 vulnerabilities 6 devops 4 javascript 4 security-tools 4 owasp 3 python 3 nodejs 2 php 2 vulnerability-scanners 2 secrets 2 secret-distribution 2 secret-management 2 ruby-on-rails 2 kubernetes 2 static-analysis 2 devsecops 2 security-automation 2 observability 1 registry-scanning 1 scanning-tool 1 secops 1 threat-analysis 1 cwpp 1 vulnerability-detection 1 vulnerability-management 1 auto-remediation 1 automation 1 chatops 1 cicd 1 deployment 1 ifttt 1 sre 1 st2 1 stackstorm 1 workflows 1 cis-benchmark 1 cis-kubernetes-benchmark 1 cis-security 1 kube-bench 1 api 1 books 1 security-book 1 security-checklist 1 appsec 1 owasp-top 1 rails 1 ruby 1 abandoned 1 elasticsearch 1