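This project collects and organizes learning material on DevSecOps, including DevSecOps concepts, products, and the tools and ideas derived from them. It covers sub-areas such as open-source security, supply chain security, and cloud-native security. When security is the focus of all DevOps work, that is DevSecOps. DevSecOps is an approach that tightly integrates development, security, and operations. DevSecOps: Software development (Dev), Security (Sec), and IT operations (Ops).
This project was created on October 20, 2022; the most recent update was on October 10, 2023. Author: 0e0w
I. Basic Resources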
- https://github.com/sottlmarek/DevSecOps
- https://github.com/DefectDojo/django-DefectDojo
- https://github.com/sidd-harth/kubernetes-devops-security
- https://github.com/devsecops/awesome-devsecops
- https://github.com/krol3/container-security-checklist
- https://github.com/devsecops/bootcamp
- https://github.com/TaptuIT/awesome-devsecops
- https://github.com/hahwul/DevSecOps
- https://github.com/lwindolf/lzone-cheat-sheets
- https://github.com/magnologan/gha-devsecops
- https://github.com/zemmali/DevSecOps-Toolchain
- https://github.com/rcarrata/devsecops-demo
- https://github.com/OWASP/DevSecOpsGuideline
- https://github.com/michalkoczwara/DevSecOps-Studio
- https://github.com/devsecops/devsecops
- https://github.com/wurstbrot/DevSecOps-MaturityModel
- https://github.com/dsohk/rancher-devsecops-workshop
- https://github.com/boozallen/devsecops-example-helloworld
- https://github.com/stelligent/aws-devsecops-workshop
- https://github.com/aws-samples/devsecops-cicd
- https://github.com/PGCSEDS-IIITH/devsecops-iris
- https://github.com/We5ter/Awesome-DevSecOps-Platforms
- https://github.com/ztosec/hunter
- https://github.com/pawnu/PythonSecurityPipeline
- https://github.com/aws-asean-builders/devsecops
- https://github.com/baidu/openrasp
- https://github.com/cloudsecurityalliance/wg-DevSecOps
- https://github.com/0xsomnus/Solidity-DevSecOps-Standard
- https://github.com/OWASP/glue
- https://github.com/OWASP/RiskAssessmentFramework
- https://github.com/michelin/ChopChop
- https://github.com/AErmie/DevSecOps
- https://github.com/GSA/DevSecOps
- https://github.com/lgmorand/DevSecOpsTable
- https://github.com/krol3/devsecops-resources
- https://github.com/GSA/security-benchmarks
- https://github.com/aws-samples/devsecops-workshop-on-aws
- https://github.com/PacktPublishing/Accelerating-DevSecOps-on-AWS
- https://github.com/trufflesecurity/trufflehog
- https://github.com/SpectralOps/preflight
- https://github.com/aquasecurity/tfsec
- https://github.com/aquasecurity/trivy
- https://github.com/gravitl/netmaker
- https://github.com/prowler-cloud/prowler
- https://github.com/bridgecrewio/checkov
- https://github.com/turbot/steampipe
- https://github.com/anteater/anteater
- https://github.com/Swordfish-Security/awesome-devsecops-russia
- https://mp.weixin.qq.com/s/_jBmFdtyXY5D_YrrTUP1iQ
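II. Academic Papers
III. Forums and Communities
- Efficient Operations community (高效运维社区)
- DevOps Era community (DevOps时代社区)
IV. Other Resources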
- https://github.com/murphysecurity/murphysec
- https://www.veracode.com/solutions/devsecops
- https://github.com/BBVA/apicheck
- https://github.com/defenseunicorns/zarf
- https://github.com/rcarrata/devsecops-demo
- https://github.com/fluidattacks/makes
- https://github.com/cider-security-research/cicd-goat
I. Chinese Books
- 《DevSecOps敏捷安全》 (DevSecOps Agile Security) @子芽
- 《DevSecOps实战》 (DevSecOps in Practice) @周纪海 et al. #50%
II. English Books
- 《DevSecOps》@Glenn Wilson
- 《Learning Devsecops》@Ribeiro
- https://github.com/6mile/DevSecOps-Playbook
This section focuses on the Sec tools within DevSecOps, including open-source tools and commercial products. Not just SAST tools!
I. SAST
- https://github.com/ASTTeam/SAST
- https://github.com/ASTTeam/Fortify
- https://github.com/ASTTeam/SonarQube
- https://github.com/ASTTeam/Checkmarx
- https://github.com/ASTTeam/CodeQL
- https://github.com/ASTTeam/Semgrep
- https://github.com/ASTTeam/BlackDuck
II. DAST
III. IAST
IV. SCA
V. Others
- https://github.com/infobyte/faraday
- https://github.com/tenable/terrascan
- https://github.com/bunkerity/bunkerweb
- https://github.com/deepfence/ThreatMapper
- https://github.com/archerysec/archerysec
- https://github.com/Checkmarx/kics
- https://github.com/lunasec-io/lunasec
- https://github.com/GitGuardian/ggshield