awesome-devsecops

DevSecOps resource directory

An authoritative list of tools and resources to support DevSecOps initiatives in software development

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

GitHub

5k stars
250 watching
973 forks
last commit: 7 months ago
devopsdevsecopspodcastthreat-intelligence

Information / Guidelines

Introduction to DevSecOps - DZone Refcard
Security Champions Playbook 351 about 1 year ago
Security Guide for Web Developers 20,935 over 2 years ago
A practical guide to build DAST with OWASP Zap 34 over 5 years ago
Introduction to security testing and tools
DevSecOps Hub

Information / Presentations

DevSecOps: Taking a DevOps Approach to Security
Mozilla's Test Driven Security in Continuous Integration
Security DevOps - staying secure in agile projects
Veracode's Defending the Cloud from a Full Stack Hack
Put Your Robots to Work: Security Automation at Twitter
The Three Faces of DevSecOps

Information / Initiatives

AWS Labs
DevOps and Audit Resources
DevSecOps
OpenDevSecOps
Rugged DevOps

Information / Keeping Informed

AWS Security
Azure Security
Ruby Weekly
Security Newsletter
SRE Weekly

Information / Wardley Maps for Security

Check out Figure 6 for Comparisons
DevSecOps Repo for Security Maps 47 almost 8 years ago
Introduction to Wardley Maps
Security Industry Example
SOC Value Chain & Delivery Models

Training / Labs

DevSecOps Bootcamp 711 about 1 year ago
Exercism
Infoseclabs
Infrastructure Monitoring 124 almost 8 years ago
Pentester Lab
Vulnhub

Training / Vulnerable Test Targets

Damn Vulnerable Web Application 10,371 7 days ago (PHP/MySQL)
LambHack 94 about 5 years ago (Lambda)
Metasploitable (Linux)
Mutillidae (PHP)
NodeGoat 1,895 6 months ago (Node)
OWASP Damn Vulnerable Serverless Application (DVSA) 534 about 1 year ago (AWS Serverless)
OWASP Juice Shop 522 about 1 year ago (NodeJS/Angular)
RailsGoat 871 3 months ago (Rails)
WebGoat 7,071 about 20 hours ago (Web App)
WebGoat.Net 69 over 9 years ago (.NET)
WebGoatPHP 121 9 months ago (PHP)

Training / Conferences

AWS re:Inforce
AWS re:Invent
DevSecCon
DevOps Connect
DevOps Days
Goto Conference
IP Expo
ISACA Ireland
RSA Conference
All Day DevOps

Training / Podcasts

Arrested DevOps
Brakeing Down Security Podcast
Darknet Diaries
Defensive Security Podcast
DevOps Cafe
Down The Security Rabbithole
Food Fight Show
OWASP 24/7
Risky Business
Social Engineering Podcast
Software Engineering Radio
Take 1 Security Podcast
Tenable Security Podcast
The Secure Developer
Trusted Sec Podcast

Training / Books

DevOpsSec
Docker Securitiy - Quick Reference
Holistic Info-Sec for Web Developers
Securing DevOps
The DevOps Handbook (Section VI)

Tools / Dashboards

Grafana
Kibana

Tools / Automation

Demisto
OWASP Glue 522 about 1 year ago
StackStorm 6,103 4 days ago
Insider CLI 517 over 2 years ago

Tools / Hunting

GRR 4,796 14 days ago
kube-hunter 4,770 9 months ago
mig 1,205 about 5 years ago
Mirador
moloch 6,354 6 days ago
MozDef 2,166 about 3 years ago
osquery
OSSEC
osxcollector 1,878 over 5 years ago

Tools / Testing

Brakeman
Checkov 7,169 5 days ago
Chef Inspec 2,866 1 day ago
Contrast Security
Cohesion
David
Deepfence ThreatMapper 4,846 5 days ago
Gauntlt
Hakiri
HusckyCI 578 7 months ago
Infer
IronWASP
kube-bench 7,101 4 days ago
Lynis
microscanner 858 over 3 years ago
Node Security Platform
npm-check
npm-outdated
OSS Fuzz 10,637 2 days ago
OWASP OWTF
OWASP ZAP
OWASP ZAP Node API 46 1 day ago
Progpilot 332 7 days ago
PureSec (Serverless Security)
RetireJS 3,698 11 days ago
RIPS
ShiftLeft Scan
Snyk
SourceClear

Tools / Alerting

411 972 over 1 year ago
Alerta 2,393 about 21 hours ago
Elastalert 8,001 4 months ago
MozDef 2,166 about 3 years ago

Tools / Threat Intelligence

Alien Vault OTX
Critical Stack
IBM X-Force
IntelMQ Feeds 64 7 months ago
OpenTPX
Passive Total
STIX, TAXII
Threat Connect

Tools / Attack Modeling

CAPEC
IriusRisk
Larry Osterman's Threat Modeling
SDL Threat Modeling Tool
SeaSponge
Threat Risk Modeling

Tools / Secret Management

BlackBox 6,688 2 months ago
Conjur 782 11 days ago
CredStash 2,059 almost 3 years ago
Git Secrets 12,470 8 months ago
Keybase
Sops 17,123 about 20 hours ago
Transcrypt 1,484 28 days ago
Vault

Tools / Red Team

EyeWitness 18 6 months ago
Hound 5,689 5 months ago

Tools / Visualization

Gephi
ShadowBuster 79 over 9 years ago
Wazuh

Tools / Sharing

Gitbook
Speaker Deck

Tools / ChatOps

Gitter
HipChat
MatterMost
Riot
Slack