DevSecOps Guide

This is a guide to tools and resources for DevSecOps and Application Security professionals. Each tool and resource in this guide is labelled with tags. In addition, a subjective evaluation is given (from 1 to 5 stars).

[!IMPORTANT]
The rating is based on my work experience evaluating the tool, its use in the AppSec community and different parameters that I consider relevant (pricing, % of false positives, innovation…)

Tools

:lock: Static Application Security Testing (SAST)

Fortify :star::star::star::star::star:

Checkmarx :star::star::star::star::star:

Veracode :star::star::star::star::star:

Kiuwan :star::star::star::star::star:

Snyk Code :star::star::star::star::star:

SonarQube :star::star::star::star:

Semgrep :star::star::star::star:

Bearer :star::star::star::star:

Bandit :star::star::star:

Brakeman :star::star::star:

FindSecBugs :star::star:

DevSkim :star::star::star:

Insider :star::star:

MobSF :star::star::star::star:

LuaSec :star::star::star:

GoSec :star::star::star:

Progpilot :star::star:

:package: Software Composition Analysis (SCA)

Snyk Open Source :star::star::star::star::star:

:gear: Dynamic Application Security Testing (DAST)

:key: Secret detection

:ship: Container Static Security Analysis

:runner: Container Runtime Security

:building_construction: Infrastructure-as-Code Security Analysis (IaC Security Analysis)

:shield: Application Security Posture Management (ASPM)

:mag: Runtime Application Security Testing (RASP)

:cloud: Cloud Security Posture Management (CSPM)

:incoming_envelope: API Security

:desktop_computer: Threat Modelling

:hammer_and_wrench: Security vulnerability fixers

:mortar_board: Learning Secure Application Development platforms

Resources

Training & Certifications

Security vulnerability fix

Tags