DevSecOps Roadmap
A little roadmap for adding DevSecOps to a CI/CD pipeline
1) Audit of the existing / Planning
Threat Modeling
Security Requirements
Scope
2) Training
Train everyone who works on the project and provide them with best practices. This is the best way to improve security and the one that delivers the most value.
3) Secure Coding
Time to use some SAST (Static Application Security Testing) tools. This category of tools scans your source code and finds vulnerabilities in it.
You can integrate them directly into the developers' IDE. The main drawback is the high rate of false positives.
More: https://owasp.org/www-community/Source_Code_Analysis_Tools
List of tools:
https://pypi.org/project/bandit/
https://www.checkmarx.com/
https://www.ripstech.com/
https://sonarcloud.io/
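Added example (not part of the original roadmap): a small CI gate around Bandit, the first tool listed above. It fails the build only on findings at or above a severity/confidence threshold and skips findings a reviewer has already triaged, which is how the false-positive problem mentioned above is usually kept under control in a pipeline. The report below is constructed sample data in Bandit's JSON layout; the allowlist contents and the thresholds are assumptions.

```python
import json
import subprocess
import sys

# Bandit severity/confidence levels, ordered for threshold comparison.
LEVELS = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

# Constructed sample in the shape of a Bandit JSON report (bandit -f json).
SAMPLE_REPORT = {
    "results": [
        {"filename": "app/views.py", "line_number": 12, "test_id": "B602",
         "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "issue_text": "subprocess call with shell=True identified"},
        {"filename": "app/util.py", "line_number": 40, "test_id": "B101",
         "issue_severity": "LOW", "issue_confidence": "HIGH",
         "issue_text": "Use of assert detected"},
        {"filename": "app/crypto.py", "line_number": 7, "test_id": "B303",
         "issue_severity": "MEDIUM", "issue_confidence": "HIGH",
         "issue_text": "Use of insecure MD5 hash function"},
    ]
}

# Assumed allowlist of reviewed false positives: (filename, test_id, line).
# In a real repo this would be a committed file, updated through code review.
ALLOWLIST = {("app/crypto.py", "B303", 7)}  # MD5 only used as a cache key


def run_bandit(path: str) -> dict:
    """Run Bandit recursively on `path` and parse its JSON report.
    Bandit exits non-zero when it finds issues, so the exit code is ignored
    here and the decision is left to blocking_findings()."""
    proc = subprocess.run(["bandit", "-r", path, "-f", "json", "-q"],
                          capture_output=True, text=True)
    return json.loads(proc.stdout)


def blocking_findings(report: dict, min_severity: str = "HIGH",
                      min_confidence: str = "MEDIUM",
                      allowlist=frozenset()) -> list:
    """Return findings that should fail the build: at or above both
    thresholds and not on the reviewed allowlist. Everything else is
    still worth reporting, but does not block the pipeline."""
    blocking = []
    for f in report.get("results", []):
        key = (f["filename"], f["test_id"], f["line_number"])
        if key in allowlist:
            continue
        if (LEVELS[f["issue_severity"]] >= LEVELS[min_severity]
                and LEVELS[f["issue_confidence"]] >= LEVELS[min_confidence]):
            blocking.append(f)
    return blocking


if __name__ == "__main__":
    # Usage in CI: python sast_gate.py <source dir>; non-zero exit fails the job.
    hits = blocking_findings(run_bandit(sys.argv[1]), allowlist=ALLOWLIST)
    for f in hits:
        print(f"{f['filename']}:{f['line_number']} {f['test_id']} {f['issue_text']}")
    sys.exit(1 if hits else 0)
```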
DAST (Dynamic Application Security Testing)