awesome-devsecops

DevSecOps resource directory

An authoritative list of tools and resources to support DevSecOps initiatives in software development

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

GitHub

5k stars

249 watching

972 forks

last commit: 8 months ago

devopsdevsecopspodcastthreat-intelligence

Screenshot of devsecops/awesome-devsecops website

devsecops.org

Information / Guidelines
Introduction to DevSecOps - DZone Refcard
Security Champions Playbook	353	over 1 year ago
Security Guide for Web Developers	20,950	over 2 years ago
A practical guide to build DAST with OWASP Zap	34	almost 6 years ago
Introduction to security testing and tools
DevSecOps Hub
Information / Presentations
DevSecOps: Taking a DevOps Approach to Security
Mozilla's Test Driven Security in Continuous Integration
Security DevOps - staying secure in agile projects
Veracode's Defending the Cloud from a Full Stack Hack
Put Your Robots to Work: Security Automation at Twitter
The Three Faces of DevSecOps
Information / Initiatives
AWS Labs
DevOps and Audit Resources
DevSecOps
OpenDevSecOps
Rugged DevOps
Information / Keeping Informed
AWS Security
Azure Security
Ruby Weekly
Security Newsletter
SRE Weekly
Information / Wardley Maps for Security
Check out Figure 6 for Comparisons
DevSecOps Repo for Security Maps	47	almost 8 years ago
Introduction to Wardley Maps
Security Industry Example
SOC Value Chain & Delivery Models
Training / Labs
DevSecOps Bootcamp	713	over 1 year ago
Exercism
Infoseclabs
Infrastructure Monitoring	124	about 8 years ago
Pentester Lab
Vulnhub
Training / Vulnerable Test Targets
Damn Vulnerable Web Application	10,423	about 1 month ago	(PHP/MySQL)
LambHack	94	over 5 years ago	(Lambda)
Metasploitable			(Linux)
Mutillidae			(PHP)
NodeGoat	1,895	7 months ago	(Node)
OWASP Damn Vulnerable Serverless Application (DVSA)	534	over 1 year ago	(AWS Serverless)
OWASP Juice Shop	524	over 1 year ago	(NodeJS/Angular)
RailsGoat	872	5 months ago	(Rails)
WebGoat	7,096	about 1 month ago	(Web App)
WebGoat.Net	69	over 9 years ago	(.NET)
WebGoatPHP	121	11 months ago	(PHP)
Training / Conferences
AWS re:Inforce
AWS re:Invent
DevSecCon
DevOps Connect
DevOps Days
Goto Conference
IP Expo
ISACA Ireland
RSA Conference
All Day DevOps
Training / Podcasts
Arrested DevOps
Brakeing Down Security Podcast
Darknet Diaries
Defensive Security Podcast
DevOps Cafe
Down The Security Rabbithole
Food Fight Show
OWASP 24/7
Risky Business
Social Engineering Podcast
Software Engineering Radio
Take 1 Security Podcast
Tenable Security Podcast
The Secure Developer
Trusted Sec Podcast
Training / Books
DevOpsSec
Docker Securitiy - Quick Reference
Holistic Info-Sec for Web Developers
Securing DevOps
The DevOps Handbook (Section VI)
Tools / Dashboards
Grafana
Kibana
Tools / Automation
Demisto
OWASP Glue	524	over 1 year ago
StackStorm	6,116	about 1 month ago
Insider CLI	519	almost 3 years ago
Tools / Hunting
GRR	4,811	about 2 months ago
kube-hunter	4,774	10 months ago
mig	1,205	over 5 years ago
Mirador
moloch	6,418	about 1 month ago
MozDef	2,167	about 3 years ago
osquery
OSSEC
osxcollector	1,879	over 5 years ago
Tools / Testing
Brakeman
Checkov	7,214	about 1 month ago
Chef Inspec	2,870	about 1 month ago
Contrast Security
Cohesion
David
Deepfence ThreatMapper	4,861	about 1 month ago
Gauntlt
Hakiri
HusckyCI	579	8 months ago
Infer
IronWASP
kube-bench	7,129	about 1 month ago
Lynis
microscanner	858	over 3 years ago
Node Security Platform
npm-check
npm-outdated
OSS Fuzz	10,671	about 1 month ago
OWASP OWTF
OWASP ZAP
OWASP ZAP Node API	47	about 1 month ago
Progpilot	333	about 2 months ago
PureSec (Serverless Security)
RetireJS	3,717	about 1 month ago
RIPS
ShiftLeft Scan
Snyk
SourceClear
Tools / Alerting
411	973	almost 2 years ago
Alerta	2,400	about 1 month ago
Elastalert	8,004	5 months ago
MozDef	2,167	about 3 years ago
Tools / Threat Intelligence
Alien Vault OTX
Critical Stack
IBM X-Force
IntelMQ Feeds	66	9 months ago
OpenTPX
Passive Total
STIX, TAXII
Threat Connect
Tools / Attack Modeling
CAPEC
IriusRisk
Larry Osterman's Threat Modeling
SDL Threat Modeling Tool
SeaSponge
Threat Risk Modeling
Tools / Secret Management
BlackBox	6,692	4 months ago
Conjur	786	about 2 months ago
CredStash	2,061	almost 3 years ago
Git Secrets	12,504	9 months ago
Keybase
Sops	17,224	about 1 month ago
Transcrypt	1,487	2 months ago
Vault
Tools / Red Team
EyeWitness	20	8 months ago
Hound	5,699	6 months ago
Tools / Visualization
Gephi
ShadowBuster	80	over 9 years ago
Wazuh
Tools / Sharing
Gitbook
Speaker Deck
Tools / ChatOps
Gitter
HipChat
MatterMost
Riot
Slack

awesome-devsecops

Information / Guidelines

Information / Presentations

Information / Initiatives

Information / Keeping Informed

Information / Wardley Maps for Security

Training / Labs

Training / Vulnerable Test Targets

Training / Conferences

Training / Podcasts

Training / Books

Tools / Dashboards

Tools / Automation

Tools / Hunting

Tools / Testing

Tools / Alerting

Tools / Threat Intelligence

Tools / Attack Modeling

Tools / Secret Management

Tools / Red Team

Tools / Visualization

Tools / Sharing

Tools / ChatOps