What are some great tools for integrating security into DevOps?
CEO, a year ago
I recently did the DevSecOps implementation in my organization. This is what I use today. I also gave a talk on the same topic at the Teleport conference and also at an OWASP meetup. Here is a table from the slide deck I presented:
| Security check | Tools |
| --- | --- |
| 1. Secure Access to Infrastructure | Teleport |
| 2. SAST | Semgrep |
| 3. Secret Scanning | Trufflehog |
| 4. IaC scanning | TerraScan |
| 5. Dependencies | Dependabot |
| 6. DAST / IAST / API Security Testing | Akto.io |
Here's a list of categories and DevSecOps tools:
- Static Application Security Testing (SAST), e.g. SonarQube
- Dynamic Application Security Testing (DAST): OWASP Zed Attack Proxy (ZAP)
- Software Composition Analysis (SCA): WhiteSource
- Container Security: Aqua Security
There are also some Continuous Integration/Continuous Deployment (CI/CD) Tools with security integrations:
- GitLab
- GitHub
- Azure DevOps
You can check out the videos on my YouTube channel on how to build a
- DevSecOps Pipeline with GitLab: https://www.youtube.com/watch?v=sHK8uN5fBhs&list=PLrsbMazVPK_qhf3ahA_zRPlwBaGGhSu2P
- DevSecOps Pipeline with GitHub: https://www.youtube.com/watch?v=_m5KYEi1ThA&list=PLrsbMazVPK_pt9u_PiTGAb3s9aw8ashvQ