What are some great tools for integrating security into DevOps?

Chief of DevOps and Partner in Healthcare and Biotech, a year ago
Integrating security into DevOps, often called DevSecOps, is essential for building and maintaining secure applications.

Here's a list of categories and DevSecOps tools:
- Static Application Security Testing (SAST), e.g. SonarQube
- Dynamic Application Security Testing (DAST): OWASP Zed Attack Proxy (ZAP)
- Software Composition Analysis (SCA): WhiteSource
- Container Security: Aqua Security

There are also some Continuous Integration/Continuous Deployment (CI/CD) Tools with security integrations:
- GitLab 
- GitHub 
- Azure DevOps

You can check out my videos on my YouTube channel on how to build a
- DevSecOps Pipeline with GitLab: https://www.youtube.com/watch?v=sHK8uN5fBhs&list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P
- DevSecOps Pipeline with GitHub: https://www.youtube.com/watch?v=_m5KYEi1ThA&list=PLrsbMazVPK_pt9u_PiTGAb3s9aw8ashvQ

CEO, a year ago
I recently did the DevSecOps implementation in my organization. This is what I use today:

I also gave a talk on the same topic at Teleport conference and also at OWASP meetup. Here is a table from my slide deck I presented:
 

| Security check | Tools |
| --- | --- |
| 1. Secure Access to Infrastructure | Teleport |
| 2. SAST | Semgrep |
| 3. Secret Scanning | Trufflehog |
| 4. IaC scanning | TerraScan |
| 5. Dependencies | Dependabot |
| 6. DAST / IAST / API Security Testing | Akto.io |