Awesome DevSecOps – A Comprehensive Guide To Resources And Tooling

DevSecOps is an extension of the DevOps movement that aims to bring security practices into the development lifecycle through developer-centric security tooling and processes.

Contributions welcome. Add links through pull requests or create an issue to start a discussion.

Resources
- Articles
- Books
- Communities
- Conferences
- Newsletters
- Podcasts
- Secure Development Guidelines
- Secure Development Lifecycle Framework
- Toolchains
- Training
- Wikis
Tools
- Dependency Management
- Dynamic Analysis
- Infrastructure as Code Analysis
- Intentionally Vulnerable Applications
- Monitoring
- Secrets Management
- Secrets Scanning
- Static Analysis
- Supply Chain Security
- Threat Modelling
Related Lists

Resources

Articles

Our Approach to Employee Security Training – Pager Duty – Guidelines to running security training within an organisation.

Books

Alice and Bob Learn Application Security – Tanya Janca – An accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development.

Communities

MyDevSecOps – Snyk – A community that runs conferences, a blog, a podcast and a Slack workspace dedicated to DevSecOps.

Conferences

AppSec Day – OWASP – An Australian application security conference run by OWASP.
DevSecCon – Snyk – A network of DevSecOps conferences run by Snyk.

Newsletters

Shift Security Left – Cossack Labs – A free biweekly newsletter for security-aware developers covering application security, secure architecture, DevSecOps, cryptography, incidents, etc. that can be useful for builders and (to a lesser extent) for breakers.

Podcasts

Absolute AppSec – Seth Law & Ken Johnson – Discussions about current events and specific topics related to application security.
Application Security Podcast – Security Journey – Interviews with industry experts about specific application security concepts.
BeerSecOps – Aqua Security – Breaking down the silos of Dev, Sec and Ops, discussing topics that span these subject areas.
DevSecOps Podcast Series – OWASP – Discussions with thought leaders and practitioners to integrate security into the development lifecycle.
The Secure Developer – Snyk – Discussion about security tools and best practices for software developers.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.