DevSecKit is a modular DevSecOps security scanning toolkit that integrates multiple security analysis techniques (SAST, SCA, Secrets Scanning, and DAST) into a single, CLI-driven framework with GitHub Actions CI/CD integration.

Security analysis categories:
- SAST (Static Application Security Testing)
- SCA (Software Composition Analysis)
- Secrets Scanning
- DAST (Dynamic Application Security Testing)

| Security Category | Tool | Target | Scanner Script |
|---|---|---|---|
| SAST | Semgrep | Source code | scanners/sast/semgrep.sh |
| SCA | OWASP Dependency-Check | Dependencies | scanners/sca/dependencycheck.sh |
| Secrets | Gitleaks | Repo files | scanners/secrets/gitleaks.sh |
| DAST | OWASP ZAP | Running web app | scanners/dast/zap.sh |
```
DevSecKit/
│
├── scanners/                 # Security scan logic (CI-executed)
│   ├── sast/
│   │   └── semgrep_scan.sh
│   │
│   ├── sca/
│   │   └── dependency_check.sh
│   │
│   ├── secrets/
│   │   └── gitleaks_scan.sh
│   │
│   └── dast/
│       └── zap_scan.sh
│
├── reports/                  # Scan results (CI artifacts)
│   └── .gitkeep
│
├── configs/                  # Tool configs (optional)
│
├── .github/
│   └── workflows/
│       └── devseckit.yml     # MAIN workflow (single entry)
│
└── README.md
```
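As an added illustration (example code written for this README, not the project's own devseckit.yml), here is what the single-entry workflow could look like: one matrix job per security category, each running its scanner script from the tree above with read-only repository permissions and uploading reports/ as a CI artifact even when the scanner exits non-zero. The script paths follow the tree; the target_url dispatch input and the TARGET_URL variable consumed by the DAST script are assumptions.

```yaml
name: DevSecKit
on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:
    inputs:
      target_url:
        description: "Base URL of the running web app for the DAST (ZAP) scan"
        required: false
        default: ""
permissions:
  contents: read   # least privilege: the scanners only need to read the repo
jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false   # one failing scanner must not cancel the others
      matrix:
        include:
          - { name: sast,    script: scanners/sast/semgrep_scan.sh }
          - { name: sca,     script: scanners/sca/dependency_check.sh }
          - { name: secrets, script: scanners/secrets/gitleaks_scan.sh }
          - { name: dast,    script: scanners/dast/zap_scan.sh }
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so the secrets scan also covers past commits
      - name: Run ${{ matrix.name }} scanner
        # DAST needs a live target; skip it unless a URL was supplied on dispatch
        if: matrix.name != 'dast' || inputs.target_url != ''
        env:
          TARGET_URL: ${{ inputs.target_url }}   # assumed variable read by zap_scan.sh
        run: |
          mkdir -p reports
          chmod +x "${{ matrix.script }}"
          "${{ matrix.script }}"
      - name: Upload ${{ matrix.name }} report
        if: always()   # keep the report even when the scanner fails the job on findings
        uses: actions/upload-artifact@v4
        with:
          name: devseckit-${{ matrix.name }}-report
          path: reports/
          if-no-files-found: ignore
```

Because each scanner runs as its own matrix leg with fail-fast disabled, a failing SAST scan still leaves the SCA, secrets and DAST reports available for triage.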
Installation (Local):