/DevSecOpsGuideline

The OWASP DevSecOps Guideline can help us embed security as a part of the pipeline.

OWASP DevSecOps Guideline

The OWASP DevSecOps Guideline focuses on explaining how we can implement a secure pipeline using best practices, and introduces tools that we can use for this purpose. The project also tries to help us promote a shift-left security culture in our development process.
This project helps companies of any size that have a development pipeline, or in other words a DevOps pipeline. In this project, we try to draw a perspective of a secure DevOps pipeline and then improve it based on our customized requirements.

DevSecOps pipeline

Initial steps:

At first, we consider implementing the following steps in a basic pipeline:

  • Take care of secrets and credentials in git repositories
  • SAST (Static Application Security Test)
  • DAST (Dynamic Application Security Test)
  • Infrastructure scanning
  • Compliance check

The project page on the OWASP website is here