Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/devops-ru/awesome-devsecops_ru

Подборка выступлений и публикаций на тему DevSecOps на русском и не только)
https://github.com/devops-ru/awesome-devsecops_ru

List: awesome-devsecops_ru

awesome devsecops

Last synced: 3 months ago
JSON representation

Подборка выступлений и публикаций на тему DevSecOps на русском и не только)

Host: GitHub
URL: https://github.com/devops-ru/awesome-devsecops_ru
Owner: devops-ru
License: cc-by-4.0
Created: 2019-01-27T15:02:38.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2020-08-03T16:04:20.000Z (over 4 years ago)
Last Synced: 2024-05-20T04:00:48.598Z (6 months ago)
Topics: awesome, devsecops
Size: 23.4 KB
Stars: 74
Watchers: 12
Forks: 7
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

awesome-devsecops-russia - Devops-ru / Awesome DevSecOps RU
ultimate-awesome - awesome-devsecops_ru - Подборка выступлений и публикаций на тему DevSecOps на русском и не только). (Other Lists / PowerShell Lists)

README

        # Awesome DevSecOps RU  [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

Подборка выступлений и публикаций на тему DevSecOps на русском и не только)

Предложения и вопросы по контенту пишите пожалуйста в [issues](https://github.com/devsecops-ru/awesome-devsecops_ru/issues)

А еще у нас есть [канал в телеграмме ヅ](https://t.me/devsecops_ru)

## Видео выступлений

* [Управление секретами при помощи Hashicorp Vault // Сергей Носков, Avito](https://youtu.be/klC4ssaPHZY), [DevOps Moscow meetup](https://www.meetup.com/DevOps-Moscow-in-Russian/), [слайды](https://speakerdeck.com/devopsmoscow/upravlieniie-siekrietami-v-avito-pri-pomoshchi-hashicorp-vault)

* [Управление секретами при помощи Hashicorp Vault в Авито / Сергей Носков (Авито) (DevOpsConf Russia 2018)](https://youtu.be/oDdDPU6moTs)

* [Страх и ненависть DevSecOps // Шабалин Юрий, Swordfish Security](https://youtu.be/ROH636e7Rx8), [DevOps Moscow meetup](https://www.meetup.com/DevOps-Moscow-in-Russian/), [слайды](https://speakerdeck.com/devopsmoscow/strakh-i-nienavist-devsecops)

* [Security Compliance & DevOps // Степан Носов, IPONWEB](https://youtu.be/BtFeWnR1xXE), [DevOps Moscow meetup](https://www.meetup.com/DevOps-Moscow-in-Russian/), [слайды](https://speakerdeck.com/devopsmoscow/security-compliance-and-devops)

* [Безопасность в Kubernetes (Дмитрий Лазаренко, Mail.Ru Cloud Solutions) / ♥ Kubernetes meetup](https://youtu.be/62XWgBIYnJ8)

* [Practical steps for securing your container deployment, Liz Rice, Aqua Security](https://youtu.be/WSiCZ6v35gw), [страница доклада на DevOops 2018](https://2018.devoops.ru/2018/spb/talks/2yl4oqifo4oqqmwwgwg4as/)

* [Modern security with microservices and the cloud, Seth Vargo, Google](https://youtu.be/Qx2N6EDIIow), [страница доклада на DevOops 2018](https://2018.devoops.ru/2018/spb/talks/14ss0jq4v8ci4ekuoewew6/)

* [Мониторинг безопасности сайтов / Григорий Земсков (Ревизиум) (РИТ++2018, RootConf)](https://youtu.be/NbN_uOxRHOo)

* [Enabling shift-left for 12k banking developers from scratch (DevSecCon London 2018)](https://youtu.be/6IRz6F5Y4Zo?list=PLZN13UbkqPfWNy4WUd0UuWYCss69n7A10)

* [Maginot Line - 6 Common AppSec Anti-Patterns Preventing your Success (DevSecCon Singapore 2018)](https://youtu.be/u0tUea0Cbdc?list=PLZN13UbkqPfUmt4IZmoTWcbou-oxUivoV)

## Статьи

* [Безопасность internal сервисов, Всеволод Поляков](https://dvps.blog/biezopasnost-internal-siervisov)

* A guide to automating HashiCorp Vault from Gruntwork [1](https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-1-auto-unsealing-b219970f02c6), [2](https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-2-authenticating-with-instance-metadata-c3f9eaeaba53), [3](https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-3-authenticating-with-an-iam-user-or-role-a3203a3ee088)

* [TLDR Безопасность разработки в Agile проектах](https://medium.com/some-tldrs-ru/tldr-безопасность-разработки-в-agile-проектах-f53f55298231)

* [What Your Kubernetes Security Checklist Might Be Missing by Jim Bugwadia from Nirmata](https://thenewstack.io/what-your-kubernetes-security-checklist-might-be-missing/)

* [A continuation of devops: policy as code by Gareth Rushgrove, QCon London 2019](https://speakerdeck.com/garethr/a-continuation-of-devops-policy-as-code)

* [CONTINUOUS SECURITY IN THE DEVOPS WORLD by JULIEN VEHENT from MOZILLA SECURITY](https://jvehent.github.io/continuous-security-talk/#/)

* [Саммари “Unit Testing Your Kubernetes Configurations Using Open Policy Agent — Gareth Rushgrove”, KubeCon + CloudNativeCon Europe 2019](https://medium.com/@Nklya/summary-unit-testing-your-kubernetes-configurations-using-open-policy-agent-gareth-rushgrove-81c3e6e15a91)

* [Software Security Field Guide for the Bewildered от Ian Miell](https://zwischenzugs.com/2019/09/22/software-security-field-guide-for-the-bewildered/)

* [The Path Less Traveled: Abusing Kubernetes Defaults, Black Hat USA 2019](https://speakerdeck.com/iancoldwater/the-path-less-traveled-abusing-kubernetes-defaults)

* Серия статей про безопасность Docker от Swordfish Security:

  * [Безопасность Docker](https://swordfishsecurity.ru/blog/docker_security)

  * [Обзор утилит безопасности Docker](https://swordfishsecurity.ru/blog/obzor-utilit-bezopasnosti-docker)

  * [Способы и примеры внедрения утилит для проверки безопасности Docker](https://swordfishsecurity.ru/docker-security-scanning-examples)

  * [Репозиторий с примерами из статей](https://github.com/Swordfish-Security/docker_cicd/)

## Обучение, курсы

* [Платформа для изучения HashiCorp Vaut](https://learn.hashicorp.com/vault/)

* [Крутая подборка небольших описаний методологий разработки](https://www.developmentthatpays.com/cheatsheets). Скидывайте вашим коллегам, если они не в теме)

* [Security in Google Cloud Platform Specialization (Coursera)](https://www.coursera.org/specializations/security-google-cloud-platform/)

## Книги

* [Безопасность разработки в Agile проектах](https://dmkpress.com/catalog/computer/securuty/978-5-97060-648-3/)

## Best practices

* [The Early Security Engineer’s First 90 Days Checklist](https://www.sqreen.com/checklists/security-engineer-checklist)

* [AWS Security Best Practices](https://www.sqreen.com/resources/aws-security-best-practices)

* [10 Docker Image Security Best Practices](https://snyk.io/blog/10-docker-image-security-best-practices/)

## Безопасность облачных платформ (Clouds)

### Amazon Web Services (AWS)

* [AWS re:Invent 2017: Making the Shift from DevOps to Practical DevSecOps (ABD337)](https://youtu.be/BAsLEsEVThM)

* [DevOps and Cyber Security in AWS (DevSecOps)](https://medium.com/@block_matrix/devops-and-cyber-security-in-aws-devsecops-711a11bf8e7)

### Google Cloud Platform (GCP)

* [8 Google Cloud Security Best Practices](https://blog.paloaltonetworks.com/2019/04/8-google-cloud-security-best-practices/)

* [A Security Practitioners Guide to Best Practice GCP Security (Cloud Next '18)](https://youtu.be/ZQHoC0cR6Qw)

* [Best Practices for Privacy and Security in GCE (Cloud Next '19)](https://youtu.be/qDyjE1fIqkk)

## Разное

* [Linux logs data sources (for Information Security purposes). Links to appropriate Splunk Apps are available as well](https://docs.google.com/spreadsheets/d/1ccXuv4KZ1ndNFKwNuXpTgvgMgvQ16joUI408v232a9I) by [Rustam Abdullin](https://www.linkedin.com/in/rustam-abdullin-11010635/)

* [DevSec Hardening Framework](https://dev-sec.io)

* [Secure DevOps Practices poster](https://www.sans.org/security-resources/posters/secure-devops-practices/175/download)