DevSecOps
DevSecOps copied to clipboard
ASTTeam
开发和安全和运营:DevSecOps-Software development (Dev) and Security (Sec) and IT operations (Ops).
DevSecOps-开发和安全和运营
本项目用来收集整理学习DevSecOps相关内容,包括DevSecOps的理念产品以及衍生的工具思路等。包括开源安全、供应链安全、云原生安全等细分领域。当安全是所有 DevOps 的工作重心时,这便是DevSecOps。DevSecOps是一种方法,是将开发和安全和运营紧密结合起来的思想。DevSecOps-Software development (Dev) and Security (Sec) and IT operations (Ops).
本项目创建于2022年10月20日,最近的一次更新时间为2023年10月10日。作者:0e0w
- 01-DevSecOps资源
- 02-DevSecOps书籍
- 03-DevSecOps工具
- 04-DevSecOps产品
- 05-DevSecOps职位
- 05-DevSecOps老师
01-DevSecOps资源
- https://github.com/topics/devsecops
- https://github.com/search?q=devsecops
一、基础资源
- [ ] https://github.com/sottlmarek/DevSecOps
- [ ] https://github.com/DefectDojo/django-DefectDojo
- [ ] https://github.com/sidd-harth/kubernetes-devops-security
- [ ] https://github.com/devsecops/awesome-devsecops
- [ ] https://github.com/krol3/container-security-checklist
- [ ] https://github.com/devsecops/bootcamp
- [ ] https://github.com/TaptuIT/awesome-devsecops
- [ ] https://github.com/hahwul/DevSecOps
- [ ] https://github.com/lwindolf/lzone-cheat-sheets
- [ ] https://github.com/magnologan/gha-devsecops
- [ ] https://github.com/zemmali/DevSecOps-Toolchain
- [ ] https://github.com/rcarrata/devsecops-demo
- [ ] https://github.com/OWASP/DevSecOpsGuideline
- [ ] https://github.com/michalkoczwara/DevSecOps-Studio
- [ ] https://github.com/devsecops/devsecops
- [ ] https://github.com/wurstbrot/DevSecOps-MaturityModel
- [ ] https://github.com/dsohk/rancher-devsecops-workshop
- [ ] https://github.com/boozallen/devsecops-example-helloworld
- [ ] https://github.com/stelligent/aws-devsecops-workshop
- [ ] https://github.com/aws-samples/devsecops-cicd
- [ ] https://github.com/PGCSEDS-IIITH/devsecops-iris
- [ ] https://github.com/We5ter/Awesome-DevSecOps-Platforms
- [ ] https://github.com/ztosec/hunter
- [ ] https://github.com/pawnu/PythonSecurityPipeline
- [ ] https://github.com/aws-asean-builders/devsecops
- [ ] https://github.com/baidu/openrasp
- [ ] https://github.com/cloudsecurityalliance/wg-DevSecOps
- [ ] https://github.com/0xsomnus/Solidity-DevSecOps-Standard
- [ ] https://github.com/OWASP/glue
- [ ] https://github.com/OWASP/RiskAssessmentFramework
- [ ] https://github.com/michelin/ChopChop
- [ ] https://github.com/AErmie/DevSecOps
- [ ] https://github.com/GSA/DevSecOps
- [ ] https://github.com/lgmorand/DevSecOpsTable
- [ ] https://github.com/krol3/devsecops-resources
- [ ] https://github.com/GSA/security-benchmarks
- [ ] https://github.com/aws-samples/devsecops-workshop-on-aws
- [ ] https://github.com/PacktPublishing/Accelerating-DevSecOps-on-AWS
- [ ] https://github.com/trufflesecurity/trufflehog
- [ ] https://github.com/SpectralOps/preflight
- [ ] https://github.com/aquasecurity/tfsec
- [ ] https://github.com/aquasecurity/trivy
- [ ] https://github.com/gravitl/netmaker
- [ ] https://github.com/prowler-cloud/prowler
- [ ] https://github.com/bridgecrewio/checkov
- [ ] https://github.com/turbot/steampipe
- [ ] https://github.com/anteater/anteater
- [ ] https://github.com/Swordfish-Security/awesome-devsecops-russia
- [ ] https://mp.weixin.qq.com/s/_jBmFdtyXY5D_YrrTUP1iQ
二、学术论文
三、论坛社区
- 高效运维社区
- DevOps时代社区
四、其他资源
- [ ] https://github.com/murphysecurity/murphysec
- [ ] https://www.veracode.com/solutions/devsecops
- [ ] https://github.com/BBVA/apicheck
- [ ] https://github.com/defenseunicorns/zarf
- [ ] https://github.com/rcarrata/devsecops-demo
- [ ] https://github.com/fluidattacks/makes
- [ ] https://github.com/cider-security-research/cicd-goat
02-DevSecOps书籍
一、中文书籍
- [ ] 《DevSecOps敏捷安全》@子芽
- [x] 《DevSecOps实战》@周纪海等著#50%
二、英文书籍
- [ ] 《DevSecOps》@Glenn Wilson
- [ ] 《Learning Devsecops》@Ribeiro
- [ ] https://github.com/6mile/DevSecOps-Playbook
03-DevSecOps工具
本部分主要关注DevSecOps中的Sec类工具,其中包括开源工具商业产品等。不仅是SAST工具!
一、SAST
- https://github.com/ASTTeam/SAST
- https://github.com/ASTTeam/Fortify
- https://github.com/ASTTeam/SonarQube
- https://github.com/ASTTeam/Checkmarx
- https://github.com/ASTTeam/CodeQL
- https://github.com/ASTTeam/Semgrep
- https://github.com/ASTTeam/BlackDuck
二、DAST
- https://github.com/ASTTeam/DAST
三、IAST
- https://github.com/ASTTeam/IAST
四、SCA
- https://github.com/ASTTeam/SCA
五、Others
- [ ] https://github.com/infobyte/faraday
- [ ] https://github.com/tenable/terrascan
- [ ] https://github.com/bunkerity/bunkerweb
- [ ] https://github.com/deepfence/ThreatMapper
- [ ] https://github.com/archerysec/archerysec
- [ ] https://github.com/Checkmarx/kics
- [ ] https://github.com/lunasec-io/lunasec
- [ ] https://github.com/GitGuardian/ggshield
04-DevSecOps产品
- 悬境安全:https://www.xmirror.cn
- 墨菲安全:https://www.murphysec.com
- 火线安全:https://www.huoxian.cn
- 探真科技:https://www.tensorsecurity.cn
- 思客云:http://www.secureyun.cn
- 龙智:https://www.shdsd.com
- 开源网安:https://www.seczone.cn
- 嘉为蓝鲸:https://www.canway.net
- https://www.microfocus.com/zh-cn/devsecops
05-DevSecOps岗位
06-DevSecOps老师
ASTTeam