Roadmap for everyone who wants DevSecOps.
- Roadmap
- Tools
- Resources
- Security of CICD
- Awesome resources
- Other roadmaps
- Wrap Up
- Contributors
- Contribute
Spending a lot of time on applying DevSecOps is searching, comparing, and making decisions about tools. These tool lists are a good way to help you reduce unnecessary time and apply them quickly 😎
Open https://github.com/hahwul/DevSecOps/blob/main/tools/README.md
- Overview
- Development Lifecycle
- Threat Model
- Secure Coding
- SAST(Static Application Security Testing)
- DAST(Dynamic Application Security Testing)
- Penetration testing
- Security Hardening & Config
- Security Scanning
- RASP(Run-time Application Security Protection)
- Security Patch
- RASP(Runtime Application Self-Protection)
- Security Audit
- Security Monitor
- IAST(Interactive Application Security Testig)
- Metrics, Monitoring, Alerting
- Security Analysis
- Github Actions
- Jenkins
U.S. Department of Defense | Larry Maccherone |
The DevSecOps Security Checklist | Gitlab security devops diagram |
If you think the roadmap can be improved, please do open a PR with any updates and submit any issues. Also, I will continue to improve this, so you might want to star this repository to revisit.
Idea from : Go Developer Roadmap