awesome-devsecops

DevSecOps resource directory

An authoritative list of tools and resources to support DevSecOps initiatives in software development

An authoritative list of awesome DevSecOps tools, built with help from community experiments and contributions.

GitHub

5k stars
250 watching
970 forks
last commit: 6 months ago
Topics: devops, devsecops, podcast, threat-intelligence

Information / Guidelines

Introduction to DevSecOps - DZone Refcard
Security Champions Playbook 350 about 1 year ago
Security Guide for Web Developers 20,923 over 2 years ago
A practical guide to build DAST with OWASP Zap 34 over 5 years ago
Introduction to security testing and tools
DevSecOps Hub

Information / Presentations

DevSecOps: Taking a DevOps Approach to Security
Mozilla's Test Driven Security in Continuous Integration
Security DevOps - staying secure in agile projects
Veracode's Defending the Cloud from a Full Stack Hack
Put Your Robots to Work: Security Automation at Twitter
The Three Faces of DevSecOps

Information / Initiatives

AWS Labs
DevOps and Audit Resources
DevSecOps
OpenDevSecOps
Rugged DevOps

Information / Keeping Informed

AWS Security
Azure Security
Ruby Weekly
Security Newsletter
SRE Weekly

Information / Wardley Maps for Security

Check out Figure 6 for Comparisons
DevSecOps Repo for Security Maps 47 almost 8 years ago
Introduction to Wardley Maps
Security Industry Example
SOC Value Chain & Delivery Models

Training / Labs

DevSecOps Bootcamp 704 about 1 year ago
Exercism
Infoseclabs
Infrastructure Monitoring 124 almost 8 years ago
Pentester Lab
Vulnhub

Training / Vulnerable Test Targets

Damn Vulnerable Web Application 10,292 13 days ago (PHP/MySQL)
LambHack 94 about 5 years ago (Lambda)
Metasploitable (Linux)
Mutillidae (PHP)
NodeGoat 1,885 5 months ago (Node)
OWASP Damn Vulnerable Serverless Application (DVSA) 534 about 1 year ago (AWS Serverless)
OWASP Juice Shop 522 about 1 year ago (NodeJS/Angular)
RailsGoat 869 3 months ago (Rails)
WebGoat 7,036 7 days ago (Web App)
WebGoat.Net 69 over 9 years ago (.NET)
WebGoatPHP 122 9 months ago (PHP)

Training / Conferences

AWS re:Inforce
AWS re:Invent
DevSecCon
DevOps Connect
DevOps Days
Goto Conference
IP Expo
ISACA Ireland
RSA Conference
All Day DevOps

Training / Podcasts

Arrested DevOps
Brakeing Down Security Podcast
Darknet Diaries
Defensive Security Podcast
DevOps Cafe
Down The Security Rabbithole
Food Fight Show
OWASP 24/7
Risky Business
Social Engineering Podcast
Software Engineering Radio
Take 1 Security Podcast
Tenable Security Podcast
The Secure Developer
Trusted Sec Podcast

Training / Books

DevOpsSec
Docker Security - Quick Reference
Holistic Info-Sec for Web Developers
Securing DevOps
The DevOps Handbook (Section VI)

Tools / Dashboards

Grafana
Kibana

Tools / Automation

Demisto
OWASP Glue 522 about 1 year ago
StackStorm 6,086 4 days ago
Insider CLI 516 over 2 years ago

Tools / Hunting

GRR 4,783 about 2 months ago
kube-hunter 4,763 8 months ago
mig 1,206 about 5 years ago
Mirador
moloch 6,334 7 days ago
MozDef 2,168 about 3 years ago
osquery
OSSEC
osxcollector 1,875 over 5 years ago

Tools / Testing

Brakeman
Checkov 7,126 7 days ago
Chef Inspec 2,865 7 days ago
Contrast Security
Cohesion
David
Deepfence ThreatMapper 4,837 6 days ago
Gauntlt
Hakiri
HuskyCI 576 6 months ago
Infer
IronWASP
kube-bench 7,069 6 days ago
Lynis
microscanner 858 over 3 years ago
Node Security Platform
npm-check
npm-outdated
OSS Fuzz 10,548 6 days ago
OWASP OWTF
OWASP ZAP
OWASP ZAP Node API 46 13 days ago
Progpilot 330 4 months ago
PureSec (Serverless Security)
RetireJS 3,692 13 days ago
RIPS
ShiftLeft Scan
Snyk
SourceClear

Tools / Alerting

411 971 over 1 year ago
Alerta 2,387 10 days ago
Elastalert 7,997 4 months ago
MozDef 2,168 about 3 years ago

Tools / Threat Intelligence

Alien Vault OTX
Critical Stack
IBM X-Force
IntelMQ Feeds 64 7 months ago
OpenTPX
Passive Total
STIX, TAXII
Threat Connect

Tools / Attack Modeling

CAPEC
IriusRisk
Larry Osterman's Threat Modeling
SDL Threat Modeling Tool
SeaSponge
Threat Risk Modeling

Tools / Secret Management

BlackBox 6,687 about 2 months ago
Conjur 780 24 days ago
CredStash 2,059 almost 3 years ago
Git Secrets 12,442 7 months ago
Keybase
Sops 17,010 10 days ago
Transcrypt 1,478 16 days ago
Vault

Tools / Red Team

EyeWitness 18 6 months ago
Hound 5,682 4 months ago

Tools / Visualization

Gephi
ShadowBuster 79 over 9 years ago
Wazuh

Tools / Sharing

Gitbook
Speaker Deck

Tools / ChatOps

Gitter
HipChat
Mattermost
Riot
Slack