DevSecOps is an extension of the DevOps movement that aims to bring security practices into the development lifecycle through developer-centric security tooling and processes.

Contributions welcome. Add links through pull requests or create an issue to start a discussion.


  • Resources
    • Articles
    • Books
    • Communities
    • Conferences
    • Newsletters
    • Podcasts
    • Secure Development Guidelines
    • Secure Development Lifecycle Framework
    • Toolchains
    • Training
    • Wikis
  • Tools
    • Dependency Management
    • Dynamic Analysis
    • Infrastructure as Code Analysis
    • Intentionally Vulnerable Applications
    • Monitoring
    • Secrets Management
    • Secrets Scanning
    • Static Analysis
    • Supply Chain Security
    • Threat Modelling
  • Related Lists




Books

  • Alice and Bob Learn Application Security – Tanya Janca – An accessible and thorough resource for anyone who wants to build security best practices into software development from the beginning of the System Development Life Cycle.


Communities

  • MyDevSecOps – Snyk – A community that runs conferences, a blog, a podcast and a Slack workspace dedicated to DevSecOps.


Conferences

  • AppSec Day – OWASP – An Australian application security conference run by OWASP.
  • DevSecCon – Snyk – A network of DevSecOps conferences run by Snyk.


Newsletters

  • Shift Security Left – Cossack Labs – A free biweekly newsletter for security-aware developers covering application security, secure architecture, DevSecOps, cryptography, incidents and other topics useful for builders and (to a lesser extent) for breakers.


Podcasts

  • Absolute AppSec – Seth Law & Ken Johnson – Discussions about current events and specific topics related to application security.
  • Application Security Podcast – Security Journey – Interviews with industry experts about specific application security concepts.
  • BeerSecOps – Aqua Security – Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.
  • DevSecOps Podcast Series – OWASP – Discussions with thought leaders and practitioners to integrate security into the development lifecycle.
  • The Secure Developer – Snyk – Discussion about security tools and best practices for software developers.
