Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/astteam/devsecops

开发和安全和运营:DevSecOps-Software development (Dev) and Security (Sec) and IT operations (Ops).
https://github.com/astteam/devsecops

0e0w devops devsecops

Last synced: about 2 months ago
JSON representation

开发和安全和运营:DevSecOps-Software development (Dev) and Security (Sec) and IT operations (Ops).

Awesome Lists containing this project

README

        

# DevSecOps-开发和安全和运营

![DevSecOps](https://socialify.git.ci/ASTTeam/DevSecOps/image?description=1&font=Inter&forks=1&issues=1&name=1&owner=1&pattern=Floating%20Cogs&pulls=1&stargazers=1&theme=Light)

本项目用来收集整理学习DevSecOps相关内容,包括DevSecOps的理念产品以及衍生的工具思路等。包括开源安全、供应链安全、云原生安全等细分领域。当安全是所有 DevOps 的工作重心时,这便是DevSecOps。DevSecOps是一种方法,是将开发和安全和运营紧密结合起来的思想。DevSecOps-Software development (Dev) and Security (Sec) and IT operations (Ops).

本项目创建于2022年10月20日,最近的一次更新时间为2023年10月10日。作者:[0e0w](https://github.com/0e0w/DevOps)

- [01-DevSecOps资源]()
- [02-DevSecOps书籍]()
- [03-DevSecOps工具]()
- [04-DevSecOps产品]()
- [05-DevSecOps职位]()
- [05-DevSecOps老师]()

## 01-DevSecOps资源

- https://github.com/topics/devsecops
- https://github.com/search?q=devsecops

一、基础资源
- [ ] https://github.com/sottlmarek/DevSecOps
- [ ] https://github.com/DefectDojo/django-DefectDojo
- [ ] https://github.com/sidd-harth/kubernetes-devops-security
- [ ] https://github.com/devsecops/awesome-devsecops
- [ ] https://github.com/krol3/container-security-checklist
- [ ] https://github.com/devsecops/bootcamp
- [ ] https://github.com/TaptuIT/awesome-devsecops
- [ ] https://github.com/hahwul/DevSecOps
- [ ] https://github.com/lwindolf/lzone-cheat-sheets
- [ ] https://github.com/magnologan/gha-devsecops
- [ ] https://github.com/zemmali/DevSecOps-Toolchain
- [ ] https://github.com/rcarrata/devsecops-demo
- [ ] https://github.com/OWASP/DevSecOpsGuideline
- [ ] https://github.com/michalkoczwara/DevSecOps-Studio
- [ ] https://github.com/devsecops/devsecops
- [ ] https://github.com/wurstbrot/DevSecOps-MaturityModel
- [ ] https://github.com/dsohk/rancher-devsecops-workshop
- [ ] https://github.com/boozallen/devsecops-example-helloworld
- [ ] https://github.com/stelligent/aws-devsecops-workshop
- [ ] https://github.com/aws-samples/devsecops-cicd
- [ ] https://github.com/PGCSEDS-IIITH/devsecops-iris
- [ ] https://github.com/We5ter/Awesome-DevSecOps-Platforms
- [ ] https://github.com/ztosec/hunter
- [ ] https://github.com/pawnu/PythonSecurityPipeline
- [ ] https://github.com/aws-asean-builders/devsecops
- [ ] https://github.com/baidu/openrasp
- [ ] https://github.com/cloudsecurityalliance/wg-DevSecOps
- [ ] https://github.com/0xsomnus/Solidity-DevSecOps-Standard
- [ ] https://github.com/OWASP/glue
- [ ] https://github.com/OWASP/RiskAssessmentFramework
- [ ] https://github.com/michelin/ChopChop
- [ ] https://github.com/AErmie/DevSecOps
- [ ] https://github.com/GSA/DevSecOps
- [ ] https://github.com/lgmorand/DevSecOpsTable
- [ ] https://github.com/krol3/devsecops-resources
- [ ] https://github.com/GSA/security-benchmarks
- [ ] https://github.com/aws-samples/devsecops-workshop-on-aws
- [ ] https://github.com/PacktPublishing/Accelerating-DevSecOps-on-AWS
- [ ] https://github.com/trufflesecurity/trufflehog
- [ ] https://github.com/SpectralOps/preflight
- [ ] https://github.com/aquasecurity/tfsec
- [ ] https://github.com/aquasecurity/trivy
- [ ] https://github.com/gravitl/netmaker
- [ ] https://github.com/prowler-cloud/prowler
- [ ] https://github.com/bridgecrewio/checkov
- [ ] https://github.com/turbot/steampipe
- [ ] https://github.com/anteater/anteater
- [ ] https://github.com/Swordfish-Security/awesome-devsecops-russia
- [ ] https://mp.weixin.qq.com/s/_jBmFdtyXY5D_YrrTUP1iQ

二、学术论文

- [Google学术搜索](https://scholar.google.com.hk/scholar?hl=zh-CN&as_sdt=0%2C5&q=devsecops&btnG=)

三、论坛社区

- 高效运维社区
- DevOps时代社区

四、其他资源
- [ ] https://github.com/murphysecurity/murphysec
- [ ] https://www.veracode.com/solutions/devsecops
- [ ] https://github.com/BBVA/apicheck
- [ ] https://github.com/defenseunicorns/zarf
- [ ] https://github.com/rcarrata/devsecops-demo
- [ ] https://github.com/fluidattacks/makes
- [ ] https://github.com/cider-security-research/cicd-goat

## 02-DevSecOps书籍

一、中文书籍
- [ ] [《DevSecOps敏捷安全》](https://item.jd.com/13272303.html)@子芽
- [x] [《DevSecOps实战》](https://item.jd.com/13016425.html)@周纪海等著#50%

二、英文书籍
- [ ] [《DevSecOps》](https://item.jd.com/10028188284125.html)@Glenn Wilson
- [ ] [《Learning Devsecops》](https://item.jd.com/10040874594859.html)@Ribeiro
- [ ] https://github.com/6mile/DevSecOps-Playbook

## 03-DevSecOps工具

本部分主要关注DevSecOps中的Sec类工具,其中包括开源工具商业产品等。不仅是SAST工具!

一、SAST
- https://github.com/ASTTeam/SAST
- https://github.com/ASTTeam/Fortify
- https://github.com/ASTTeam/SonarQube
- https://github.com/ASTTeam/Checkmarx
- https://github.com/ASTTeam/CodeQL
- https://github.com/ASTTeam/Semgrep
- https://github.com/ASTTeam/BlackDuck

二、DAST
- https://github.com/ASTTeam/DAST

三、IAST
- https://github.com/ASTTeam/IAST

四、SCA
- https://github.com/ASTTeam/SCA

五、Others
- [ ] https://github.com/infobyte/faraday
- [ ] https://github.com/tenable/terrascan
- [ ] https://github.com/bunkerity/bunkerweb
- [ ] https://github.com/deepfence/ThreatMapper
- [ ] https://github.com/archerysec/archerysec
- [ ] https://github.com/Checkmarx/kics
- [ ] https://github.com/lunasec-io/lunasec
- [ ] https://github.com/GitGuardian/ggshield

## 04-DevSecOps产品

- 悬境安全:https://www.xmirror.cn
- 墨菲安全:https://www.murphysec.com
- 火线安全:https://www.huoxian.cn
- 探真科技:https://www.tensorsecurity.cn
- 思客云:http://www.secureyun.cn
- 龙智:https://www.shdsd.com
- 开源网安:https://www.seczone.cn
- 嘉为蓝鲸:https://www.canway.net
- https://www.microfocus.com/zh-cn/devsecops

## 05-DevSecOps岗位

- [PingCAP-DevSecOps 安全专家](https://careers.pingcap.com/apply/pingcap/39950/#/job/3a7c73a4-cbd3-4381-bd68-8e5291710cf8)

## 06-DevSecOps老师

![Stargazers over time](https://starchart.cc//ASTTeam/DevSecOps.svg)