Awesome DevSecOps – A Comprehensive Guide To Resources And Tooling

DevSecOps is an extension of the DevOps movement that aims to bring security practices into the development lifecycle through developer-centric security tooling and processes.

Contributions welcome. Add links through pull requests or create an issue to start a discussion.

Resources
- Articles
- Books
- Communities
- Conferences
- Newsletters
- Podcasts
- Secure Development Guidelines
- Secure Development Lifecycle Framework
- Toolchains
- Training
- Wikis
Tools
- Dependency Management
- Dynamic Analysis
- Infrastructure as Code Analysis
- Intentionally Vulnerable Applications
- Monitoring
- Secrets Management
- Secrets Scanning
- Static Analysis
- Supply Chain Security
- Threat Modelling
Related Lists

Resources

Articles

Our Approach to Employee Security Training – Pager Duty – Guidelines to running security training within an organisation.

Books

Alice and Bob Learn Application Security – Tanya Janca – An accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development.

Communities

MyDevSecOps – Snyk – A community that runs conferences, a blog, a podcast and a Slack workspace dedicated to DevSecOps.

Conferences

AppSec Day – OWASP – An Australian application security conference run by OWASP.
DevSecCon – Snyk – A network of DevSecOps conferences run by Snyk.

Newsletters

Shift Security Left – Cossack Labs – A free biweekly newsletter for security-aware developers covering application security, secure architecture, DevSecOps, cryptography, incidents, etc. that can be useful for builders and (to a lesser extent) for breakers.

Podcasts

Absolute AppSec – Seth Law & Ken Johnson – Discussions about current events and specific topics related to application security.
Application Security Podcast – Security Journey – Interviews with industry experts about specific application security concepts.
BeerSecOps – Aqua Security – Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.
DevSecOps Podcast Series – OWASP – Discussions with thought leaders and practitioners to integrate security into the development lifecycle.
The Secure Developer – Snyk – Discussion about security tools and best practices for software developers.

For more information click here.

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.