DevSecOps
Secure Software Objectives
One simple way to describe the secure software objectives is to build or acquire software that satisfies the three Rs: software must be reliable, resilient, and recoverable.
● Reliability means that software should function as expected.
● Resiliency means that software should withstand misuse and attack.
● Recoverability means that normal business operations can be restored with minimal disruption.
Tools for implementing DevSecOps Automation
Development
Git Secrets - Prevents you from committing secrets and credentials into git repositories
Security plugins (Snyk, Fortify, Veracode) in any IDE (VSCode, IntelliJ)
Trufflehog - Find and verify credentials
Security (Application Security Testing)
Code Quality - SonarQube, CodeQL
SAST Security (Static) - Veracode, Checkmarx, Fortify
Software Composition Analysis (SCA) Security - Fortify, Veracode, Blackduck, Snyk
DAST (Dynamic) Security - OWASP ZAP, BurpSuite, WebInspect, Veracode DAST, Acunetix
Infrastructure as Code (IaC) Security - Bridgecrew, Snyk
Container Security - AQUA, Qualys, Prisma Cloud
Operations
Pipeline Building - Jenkins, Azure DevOps, GCP Cloud Build, AWS, GitHub Actions, GitLab
Cloud Security Posture Management - AQUA, BridgeCrew
Container Registry Scanning - AQUA, AWS Native Registry
Infrastructure Scanning Tools - Chef InSpec (Compliance), Nessus
Cloud Security - Azure Defender, AWS Security Hub, Prowler (AWS)