Devsecops
Explore 35 curated tools and resources
LATEST ADDITIONS
A cloud security platform that combines Kubernetes security scanning, runtime monitoring, and cloud security posture management using Kubescape and eBPF technology.
A command-line tool that scans NPM packages and ZIP files to detect exposed secrets and sensitive credentials in source code and configuration files.
API security platform that combines discovery, testing, and monitoring capabilities to identify and protect against API vulnerabilities throughout the development lifecycle.
An API security platform that discovers, documents, and tests APIs throughout the development lifecycle while maintaining a centralized catalog of all API assets.
A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.
An ASPM platform that provides software supply chain security through risk assessment, prioritization, and protection mechanisms.
A visual guide illustrating attack paths and techniques for exploiting vulnerabilities in GitHub Actions configurations.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A simple Swagger-ui scanner that detects old versions vulnerable to various XSS attacks
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
Self-hosted Fuzzing-As-A-Service platform for continuous developer-driven fuzzing.
Mitigate security concerns of Dependency Confusion supply chain security risks.
A learning and training project demonstrating common configuration errors in cloud environments.
Metadata repository with installation tools and cloud provider support.
Create Docker container images for testing and long-term use.
A game packed with real-life examples of how not to store secrets in software, with 46 challenges to solve.
Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
A compilation of suggested tools for each component in a detection and response pipeline, with real-world examples, to design effective threat detection and response pipelines.
A scalable python framework for security research and development teams.
A web security tool that scans for vulnerabilities and known attacks.
A free training course and lab environment for learning to test and attack cloud infrastructure, including AWS and Azure.
A centralized platform for managing open source components and automating software supply chain security.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
Docker's Actuary automates security best-practices checks for Docker containers.
A tool for static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers
Learn how to integrate security into Agile development teams for high performance
Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security