
Here is a list of a few tools that we can use to set up our DevSecOps pipeline.

| Category | Tools |
| --- | --- |
| Threat modeling | Threat Dragon, CAIRIS |
| Secret scan | detect-secrets, Gitleaks, git-secrets |
| SBOM generation and scan | Syft, Grype, Trivy, Dependency-Check, Dependency-Track |
| SAST scan | SonarQube, Checkmarx, Veracode, Klocwork |
| Unit testing | JaCoCo, Mocha, Jasmine |
| Dockerfile scan | Checkov, docker scan |
| Container scan | Trivy, Grype, Clair, docker scan, Aqua |
| Container signing | Cosign, Skopeo |
| Container validation | goss, kgoss |
| Kubernetes manifest scan | Checkov, Terrascan, KubeLinter |
| Kubernetes manifest pre-check (admission control) | Kyverno, Kubewarden, Gatekeeper |
| CIS benchmark scan | kube-bench, CIS-CAT Pro, Prowler |
| IaC scan | Checkov, Terrascan, KICS, Terratest |
| API testing | JMeter, Taurus, Postman, SoapUI |
| DAST scan | ZAP, HCL AppScan, Burp Suite, Invicti, Checkmarx, InsightAppSec |
| Distributed tracing | Zipkin, Jaeger |
| Cloud native runtime security | Falco, Tetragon, KubeArmor, Tracee |
| Service mesh | Istio, Linkerd, Cilium, Traefik |
| Network security scan | Nmap, Wireshark, tcpdump, OpenVAS, Metasploit |
| Antivirus scan | CrowdStrike Falcon, SentinelOne, ClamAV |
| OS vulnerability scan | OpenVAS, Nessus, Nexpose |
| OS patching | Foreman, Red Hat Satellite, Uyuni |
| Pen testing | ZAP, Metasploit, Burp Suite |

Note: `docker scan` (the Snyk-backed command) has been deprecated by Docker in favour of Docker Scout (`docker scout`), so new pipelines should not depend on it.
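A tool list alone does not show how the stages gate each other. The following is an added example (not code from this repository) of a small pipeline driver that chains the secret scan, SBOM, vulnerability scan, image scan and signing stages from the table above, and applies a severity gate to the Grype JSON report with an expiring risk-acceptance list. It assumes gitleaks, syft, grype, trivy and cosign are on PATH, that the image has already been built and pushed, and that the signing key is at `./cosign.key`; the sample report is constructed, with synthetic vulnerability ids, so the gate logic runs offline.

```python
"""Added example: DevSecOps pipeline driver with a severity gate (not the project's own code)."""
import json
import subprocess
import sys
from datetime import date

# Grype severity names, lowest to highest. "Unknown" is ranked lowest so that a
# missing severity never blocks a build on its own.
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical"]


def run(cmd):
    """Run one pipeline stage; echo the exact command so CI logs show the flags used."""
    print("+", " ".join(cmd), flush=True)
    proc = subprocess.run(cmd, capture_output=True, text=True)
    if proc.returncode != 0:
        sys.stderr.write(proc.stdout + proc.stderr)
        raise SystemExit(f"stage failed: {cmd[0]} exited {proc.returncode}")
    return proc


def secret_scan(repo_dir):
    # gitleaks exits non-zero when a leak is found; that alone fails the stage.
    run(["gitleaks", "detect", "--source", repo_dir,
         "--report-format", "json", "--report-path", "gitleaks-report.json"])


def generate_sbom(target, out_path):
    # Keep the CycloneDX SBOM as a build artifact and feed the same file to grype,
    # so the scan result and the published SBOM cannot drift apart.
    with open(out_path, "w", encoding="utf-8") as fh:
        fh.write(run(["syft", target, "-o", "cyclonedx-json"]).stdout)


def grype_report(sbom_path):
    return json.loads(run(["grype", f"sbom:{sbom_path}", "-o", "json"]).stdout)


def evaluate_report(report, fail_on="High", ignore_unfixed=False, accepted=None, today=None):
    """Gate a Grype JSON report.

    Returns (passed, blocking). `accepted` maps a vulnerability id to the ISO date
    its risk acceptance expires; an expired acceptance no longer suppresses it.
    """
    today = today or date.today()
    accepted = accepted or {}
    threshold = SEVERITY_ORDER.index(fail_on)
    blocking = []
    for match in report.get("matches", []):
        vuln = match["vulnerability"]
        sev = vuln.get("severity", "Unknown")
        rank = SEVERITY_ORDER.index(sev) if sev in SEVERITY_ORDER else 0
        if rank < threshold:
            continue
        # Grype fix.state is one of fixed / not-fixed / wont-fix / unknown.
        if ignore_unfixed and vuln.get("fix", {}).get("state") != "fixed":
            continue
        expiry = accepted.get(vuln["id"])
        if expiry and date.fromisoformat(expiry) >= today:
            continue
        art = match["artifact"]
        blocking.append({"id": vuln["id"], "severity": sev,
                         "package": f'{art["name"]}@{art["version"]}'})
    return (not blocking, blocking)


def image_scan(image_ref):
    # Trivy enforces its own gate through --exit-code; --ignore-unfixed mirrors the policy above.
    run(["trivy", "image", "--exit-code", "1", "--severity", "HIGH,CRITICAL",
         "--ignore-unfixed", image_ref])


def sign_image(image_ref, key_path="cosign.key"):
    # Sign the immutable digest, never a tag: a tag can be re-pointed after signing.
    if "@sha256:" not in image_ref:
        raise SystemExit("refusing to sign a mutable tag; pass name@sha256:<digest>")
    run(["cosign", "sign", "--key", key_path, "--yes", image_ref])


# Constructed sample report (synthetic ids, not real scan output) for offline use.
SAMPLE_REPORT = {"matches": [
    {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Critical", "fix": {"state": "fixed"}},
     "artifact": {"name": "libexample", "version": "1.0.0"}},
    {"vulnerability": {"id": "EXAMPLE-0002", "severity": "High", "fix": {"state": "not-fixed"}},
     "artifact": {"name": "openssl", "version": "3.0.0"}},
    {"vulnerability": {"id": "EXAMPLE-0003", "severity": "Medium", "fix": {"state": "fixed"}},
     "artifact": {"name": "curl", "version": "8.0.0"}},
]}


def main(repo_dir=".", image_ref=None):
    secret_scan(repo_dir)
    generate_sbom(f"dir:{repo_dir}", "sbom.cdx.json")
    passed, blocking = evaluate_report(grype_report("sbom.cdx.json"), ignore_unfixed=True)
    if not passed:
        print(json.dumps(blocking, indent=2))
        raise SystemExit(1)
    if image_ref:
        image_scan(image_ref)
        sign_image(image_ref)


if __name__ == "__main__":
    main(*sys.argv[1:])
```

Run it as `python3 pipeline.py . registry.example.com/app@sha256:<digest>` from the repository root. The risk-acceptance map is intentionally keyed by vulnerability id with an expiry date rather than by package: an acceptance that never expires is the usual way a "temporary" exception becomes permanent.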
