20 Security Tools used In DevOps
By DevOps Shack
1. SonarQube (SAST):
o Description: SonarQube is a static code analysis tool that helps identify code quality issues, bugs, and security vulnerabilities.
o Example: SonarQube
2. OWASP ZAP (DAST):
o Description: ZAP is an open-source dynamic application security testing tool used for finding vulnerabilities in web applications during runtime.
o Example: OWASP ZAP
3. Contrast Security (IAST):
o Description: Contrast Security provides interactive application security testing, offering continuous monitoring and protection for applications.
o Example: Contrast Security
4. Anchore (Container Security):
o Description: Anchore scans container images for vulnerabilities and policy violations, and provides insights into container security.
o Example: Anchore
5. HashiCorp Vault (Secrets Management):
o Description: Vault manages secrets and protects sensitive data, providing centralized secret management and secure access.
o Example: HashiCorp Vault
6. Checkov (IaC Security):
o Description: Checkov is an IaC security tool that scans infrastructure-as-code files for security misconfigurations.
o Example: Checkov
7. Prometheus and Grafana (Continuous Monitoring):
o Description: Prometheus is a monitoring and alerting toolkit, and Grafana is used for visualization. Together, they provide powerful monitoring capabilities.
o Examples: Prometheus, Grafana
8. ELK Stack (SIEM):
o Description: ELK Stack combines Elasticsearch, Logstash, and Kibana for log management and analysis, helping identify security incidents.
o Examples: Elasticsearch, Logstash, Kibana
9. Nessus (Vulnerability Scanning):
o Description: Nessus is a widely used vulnerability scanner that identifies and helps remediate vulnerabilities in systems and applications.
o Example: Tenable Nessus
10. Demisto (SOAR):
o Description: Demisto (now part of Palo Alto Networks Cortex XSOAR) is a Security Orchestration, Automation, and Response platform for incident response automation.
o Example: Cortex XSOAR
11. Snort (Intrusion Detection and Prevention System):
o Description: Snort is an open-source IDS/IPS that monitors network traffic for malicious activity and helps prevent security breaches.
o Example: Snort
12. Clair (Container Image Security):
o Description: Clair is an open-source project for the static analysis of vulnerabilities in application containers.
o Example: Clair
13. Sysdig Secure (Container Security):
o Description: Sysdig Secure provides container security and monitoring, offering runtime protection and visibility.
o Example: Sysdig Secure
14. Aqua Security (Container Security):
o Description: Aqua Security specializes in container security, providing comprehensive solutions for securing containerized applications.
o Example: Aqua Security
15. Arachni (Web Application Security Scanner):
o Description: Arachni is an open-source web application security scanner designed to find security issues in web applications.
o Example: Arachni
16. OpenVAS (Open Vulnerability Assessment System):
o Description: OpenVAS is an open-source vulnerability scanner used to perform comprehensive vulnerability assessments.
o Example: OpenVAS
17. GitSecrets (Git Repository Scanning):
o Description: GitSecrets scans Git repositories for sensitive information like passwords and API keys, helping prevent accidental leaks.
o Example: GitSecrets
18. Trivy (Container Image Security):
o Description: Trivy is a comprehensive vulnerability scanner for container images that focuses on simplicity and speed.
o Example: Trivy
19. Wazuh (Host-based Intrusion Detection System):
o Description: Wazuh is a security information and event management (SIEM) tool with host-based intrusion detection capabilities.
o Example: Wazuh
20. GitLab CI/CD (Integrated Security):
o Description: GitLab CI/CD, when configured with security scanners and tools, provides integrated security checks within the development pipeline.
o Example: GitLab CI/CD
These tools collectively address various aspects of security within a DevOps environment, covering code analysis, container security, infrastructure security, incident response, and more. The specific choice of tools depends on the organization's needs, infrastructure, and security requirements. Integrating multiple tools into the DevOps pipeline helps create a robust security posture.