awesome-devsecops

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.
https://github.com/devsecops/awesome-devsecops

Last synced: 6 days ago
JSON representation

Threat Intelligence
- Alien Vault OTX
- IBM X-Force
- OpenTPX
- Passive Total
- IntelMQ Feeds
- Passive Total
- STIX, TAXII
- Critical Stack
- Threat Connect
Guidelines
- Introduction to DevSecOps - DZone Refcard
- Introduction to security testing and tools
- Security Champions Playbook
- Security Guide for Web Developers
- A practical guide to build DAST with OWASP Zap
- DevSecOps Hub
Presentations
- DevSecOps: Taking a DevOps Approach to Security
- Mozilla's Test Driven Security in Continuous Integration
- DevSecOps: Taking a DevOps Approach to Security
- Security DevOps - staying secure in agile projects
- Veracode's Defending the Cloud from a Full Stack Hack
- Put Your Robots to Work: Security Automation at Twitter
- The Three Faces of DevSecOps
Initiatives
- DevOps and Audit Resources
- DevSecOps
- OpenDevSecOps
- Rugged DevOps
- DevSecOps
- AWS Labs
Keeping Informed
- Azure Security
- AWS Security
- Security Newsletter
- SRE Weekly
Wardley Maps for Security
- Check out Figure 6 for Comparisons
- Introduction to Wardley Maps
- Security Industry Example
- SOC Value Chain & Delivery Models
- DevSecOps Repo for Security Maps
Labs
- Infoseclabs
- Pentester Lab
- Infoseclabs
- Infoseclabs
- DevSecOps Bootcamp
- Infrastructure Monitoring
- Pentester Lab
- Vulnhub
Vulnerable Test Targets
- Metasploitable
- Mutillidae
- Damn Vulnerable Web Application
- LambHack
- Mutillidae
- NodeGoat
- OWASP Damn Vulnerable Serverless Application (DVSA)
- OWASP Juice Shop
- RailsGoat
- WebGoat
- WebGoat.Net
- WebGoatPHP
Conferences
- DevOps Connect
- DevOps Days
- IP Expo
- ISACA Ireland
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- DevOps Connect
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- IP Expo
- DevOps Connect
- Goto Conference
- AWS re:Inforce
- RSA Conference
- All Day DevOps
Podcasts
- DevOps Cafe
- Food Fight Show
- Software Engineering Radio
- Take 1 Security Podcast
- Tenable Security Podcast
- The Secure Developer
- Take 1 Security Podcast
- DevOps Cafe
- Food Fight Show
- Arrested DevOps
- Down The Security Rabbithole
Books
- The DevOps Handbook (Section VI)
- DevOpsSec
- Docker Securitiy - Quick Reference
- Holistic Info-Sec for Web Developers
Hunting
- Mirador
- osquery
- GRR
- kube-hunter
- mig
- moloch
- MozDef
- osxcollector
Testing
- Contrast Security
- David
- Gauntlt
- Hakiri
- IronWASP
- Lynis
- Node Security Platform
- npm-outdated
- OWASP OWTF
- RIPS
- SourceClear
- Chef Inspec
- IronWASP
- Checkov
- Deepfence ThreatMapper
- Gauntlt
- Hakiri
- HusckyCI
- IronWASP
- kube-bench
- microscanner
- OSS Fuzz
- OWASP ZAP Node API
- Progpilot
- RetireJS
- RIPS
- npm-check
- OWASP ZAP
- ShiftLeft Scan
Attack Modeling
- CAPEC
- Larry Osterman's Threat Modeling
- Threat Risk Modeling
- SeaSponge
- SeaSponge
- IriusRisk
Secret Management
- Vault
- BlackBox
- Conjur
- CredStash
- Git Secrets
- Sops
- Transcrypt
- Vault
Alerting
- Alerta
- 411
- Elastalert
Red Team
- EyeWitness
- Hound
Dashboards
- Kibana
Automation
- Demisto
- StackStorm
- Insider CLI
Visualization
- ShadowBuster
- Wazuh
ChatOps
- HipChat
- MatterMost

Programming Languages

Python 8 Go 7 Shell 5 JavaScript 4 PHP 3 Ruby 2 HTML 2 TypeScript 1 Dockerfile 1

Categories

Conferences 47 Testing 29 Vulnerable Test Targets 12 Podcasts 11 Threat Intelligence 9 Labs 8 Hunting 8 Secret Management 8 Presentations 7 Guidelines 6 Initiatives 6 Attack Modeling 6 Wardley Maps for Security 5 Books 4 Keeping Informed 4 Automation 3 Alerting 3 Visualization 2 Red Team 2 ChatOps 2 Dashboards 1

Sub Categories

Keywords

security 7 vulnerabilities 6 devops 4 javascript 4 security-tools 4 owasp 3 python 3 nodejs 2 php 2 vulnerability-scanners 2 secrets 2 secret-distribution 2 secret-management 2 ruby-on-rails 2 kubernetes 2 static-analysis 2 devsecops 2 security-automation 2 observability 1 registry-scanning 1 scanning-tool 1 secops 1 threat-analysis 1 cwpp 1 vulnerability-detection 1 vulnerability-management 1 auto-remediation 1 automation 1 chatops 1 cicd 1 deployment 1 ifttt 1 sre 1 st2 1 stackstorm 1 workflows 1 cis-benchmark 1 cis-kubernetes-benchmark 1 cis-security 1 kube-bench 1 api 1 books 1 security-book 1 security-checklist 1 appsec 1 owasp-top 1 rails 1 ruby 1 abandoned 1 elasticsearch 1

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

awesome-devsecops

Threat Intelligence

Guidelines

Presentations

Initiatives

Keeping Informed

Wardley Maps for Security

Labs

Vulnerable Test Targets

Conferences

Podcasts

Books

Hunting

Testing

Attack Modeling

Secret Management

Alerting

Red Team

Dashboards

Automation

Visualization

ChatOps