Roadmap for everyone who wants DevSecOps.
- Roadmap
- Tools
- Resources
- Security of CICD
- Awesome resources
- Other roadmaps
- Wrap Up
- Contributors
- Contribute
Much of the time spent applying DevSecOps goes into searching for, comparing, and deciding on tools. These tool lists help you cut that time and apply the tools quickly.
Open https://github.com/hahwul/DevSecOps/blob/main/tools/README.md
- Overview
- DevSecOps in Wikipedia
- Zero to DevSecOps (OWASP Meetup)
- DevSecOps What Why And How (BlackHat USA-19)
- DevSecOps - Security and Test Automation (Mitre)
- DevSecOps: Making Security Central To Your DevOps Pipeline
- Strengthen and Scale security using DevSecOps
- DSOVS (OWASP DevSecOps Verification Standard)
- What is DevSecOps? (Github)
 
- Development Lifecycle
- Threat Model
- Secure Coding
- SAST(Static Application Security Testing)
- DAST(Dynamic Application Security Testing)
- Penetration testing
- Security Hardening & Config
- Security Scanning
- RASP(Runtime Application Self-Protection)
- Security Patch
- RASP(Runtime Application Self-Protection)
 
- Security Audit
- Security Monitor
- IAST(Interactive Application Security Testing)
- Metrics, Monitoring, Alerting
 
- Security Analysis
- Github Actions
- Jenkins
- U.S. Department of Defense
- Larry Maccherone
- The DevSecOps Security Checklist
- Gitlab security devops diagram
If you think the roadmap can be improved, please do open a PR with any updates and submit any issues. Also, I will continue to improve this, so you might want to star this repository to revisit.
Idea from: Go Developer Roadmap