Commit
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,75 @@ | ||
# awesome-devsecops | ||
# Awesome DevSecOps [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) | ||
|
||
Inspired by the awesome-* trend on GitHub. This is a collection of documents, presentations, videos, training materials, tools, services and general leadership that support the DevSecOps mission. These are the essential building blocks and tidbits that can help you to arrange for a DevSecOps experiment or to help you build out your own DevSecOps program. | ||
|
||
This list will not be fully comprehensive and will change as DevSecOps matures. We intend for it to be an awesome list that grows and changes as the community learns and improves how DevSecOps is implemented and adopted. To be included in this list, the information, tools, vendors or initiative must provide for Free or Open Source capabilities that help with the DevSecOps mission. Links that lead to a commercial aspect are noted with a (P). | ||
|
||
<!-- START doctoc generated TOC please keep comment here to allow auto update --> | ||
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> | ||
**Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* | ||
|
||
- [Information](#information) | ||
- [Presentations](#presentations) | ||
- [Initiatives](#initiatives) | ||
- [Tools](#tools) | ||
- [Dashboards](#dashboards) | ||
- [Hunting](#hunting) | ||
- [Testing](#testing) | ||
- [Alerting](#alerting) | ||
- [Threat Intelligence](#threat-intelligence) | ||
|
||
<!-- END doctoc generated TOC please keep comment here to allow auto update --> | ||
|
||
|
||
#Information | ||
We've been working across the industry to learn more about the different types of DevOps + Security initiatives. This collection has been pulled together and includes: Podcasts, Videos, Presentations, and other Media to help you learn more about DevSecOps, SecDevOps, DevOpsSec, and/or DevOps + Security. | ||
|
||
##Presentations | ||
Many talks are now targeting the change of adding Security into the DevOps environment. We've added some of the most notable ones here. | ||
|
||
* [Veracode's Defending the Cloud from a Full Stack Hack](https://www.rsaconference.com/writable/presentations/file_upload/csv-w03-_defending-the-cloud-from-the-full-stack-hack.pdf) | ||
|
||
##Initiatives | ||
There are a variety of initiatives underway to migrate security and compliance into DevOps. We've included links for active projects here: | ||
|
||
* [Compliance at Velocity (CATV)](https://github.com/dromologue/CATV) | ||
* [Rugged DevOps](http://www.ruggedsoftware.org) | ||
|
||
#Tools | ||
This collection of tools are useful in establishing a DevSecOps platform. We have divided the tools into several categories that help with the different divisions of DevSecOps. | ||
|
||
##Dashboards | ||
Visualization is an important element of identifying, sharing and evolving the security information that passes from the beginning of the creative process through to operations. | ||
|
||
* [Kibana](https://www.elastic.co/products/kibana) | ||
|
||
##Hunting | ||
This list of tools provide the capabilities necessary for finding security anomalies and identifying rules that should be automated and extended to support scale demands. | ||
|
||
* [Mirador](http://fathom.info/mirador/) | ||
|
||
##Testing | ||
Testing is an essential element of a DevSecOps program because it helps to prepare teams for Rugged operations and to determine security defects before they can be exploited. | ||
|
||
* [Gauntlt](http://gauntlt.org/) | ||
|
||
##Alerting | ||
Once you discover something important, response time is critical and essential to the Incident Response required to remediate a security defect. These links include some of the projects that provide for Alerting and Notifications. | ||
|
||
* [Elastalert](https://github.com/yelp/elastalert) | ||
|
||
##Threat Intelligence | ||
There are many sources for Threat Intelligence in the world. Some of these come from IP Intelligence and others from Malware repositories. This category contains tools that are useful in capturing threat intelligence and collating it. | ||
|
||
* [OpenTPX](https://www.opentpx.org) | ||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.