DevSecOps Lab Demo
Tools we are going to use:
Continuous Integration:
- GitLab CI
- Jenkins
- GitHub Actions
- CircleCI
- SonarQube
TODO: Need to complete list for demo.
Code Scanning, Alerts, and Notification of Security Anomalies:
- GitLab ~ source hosting and pipelines across the SDLC
- Alerta ~ alert consolidation and notification
- ShiftLeft ~ code analysis
- Trivy ~ container vulnerability scanning
- Snyk ~ find and fix vulnerabilities in dependencies
- Gerrit ~ code review
- SonarSource ~ static analysis (SonarQube)
Automation: Scanning, Discovery, and Remediation of Security Defects:
- StackStorm ~ event-driven automation
- OWASP Glue
- OWASP ZAP ~ dynamic web application scanning
- OWASP Dependency-Check ~ detection of known-vulnerable dependencies
- Lynis ~ host hardening audit / health check
- Nuclei ~ template-based vulnerability scanning
Dashboards for Visibility: Customize Your View and Integrate Sources:
- Grafana
- Kibana
Threat Intelligence: Identify, Predict, and Define Threats:
- OWASP Threat Dragon ~ threat modeling
Testing: Find Security Issues Before Going Live:
- Falco ~ runtime verification of deployments
- BDD-Security ~ behaviour-driven security testing
- Arachni ~ web application security testing
- Gsource ~ GitHub
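Worked example for the "Code Scanning, Alerts" and "Automation" sections above: a small pipeline gate that reads a Trivy JSON report, fails the job when findings at or above a severity threshold remain, and produces the alert text a notifier such as Alerta would receive. This is an added example, not code from the original notes or from the Trivy project. It assumes the field names of Trivy's `--format json` output (Results[].Vulnerabilities[] with VulnerabilityID, Severity, PkgName, InstalledVersion, FixedVersion); the sample report embedded below is constructed, and its vulnerability IDs are placeholders, not real advisories.

```python
"""Pipeline gate for Trivy JSON reports (added example, not part of the original notes)."""
import json
import sys

# Trivy's own severity levels, ranked so a threshold comparison is possible.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report. The shape follows Trivy's `--format json` output
# (assumed field names); every value, including the TEST-* IDs, is invented.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "demo/app:1.0",
    "Results": [
        {
            "Target": "demo/app:1.0 (alpine)",
            "Type": "alpine",
            "Vulnerabilities": [
                {"VulnerabilityID": "TEST-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1",
                 "Severity": "CRITICAL"},
                {"VulnerabilityID": "TEST-0002", "PkgName": "libother",
                 "InstalledVersion": "2.3.0", "FixedVersion": "",
                 "Severity": "HIGH"},
                {"VulnerabilityID": "TEST-0003", "PkgName": "libminor",
                 "InstalledVersion": "0.9.0", "FixedVersion": "0.9.2",
                 "Severity": "LOW"},
            ],
        },
        # A clean target: Trivy omits the "Vulnerabilities" key entirely.
        {"Target": "app/requirements.txt", "Type": "pip"},
    ],
})


def parse_findings(report_json, min_severity="HIGH", ignore_ids=()):
    """Return findings at or above min_severity, skipping accepted-risk IDs.

    "Vulnerabilities" is read with .get() because clean targets have no such key.
    """
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[min_severity]
    findings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            if SEVERITY_RANK.get(sev, 0) < threshold:
                continue
            if vuln["VulnerabilityID"] in ignore_ids:
                continue
            findings.append({
                "id": vuln["VulnerabilityID"],
                "severity": sev,
                "package": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion", ""),
                "target": result.get("Target", ""),
            })
    # Most severe first so the alert leads with what matters.
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]], reverse=True)
    return findings


def build_alert(artifact, findings):
    """Plain-text summary for a notifier; one line per finding."""
    lines = [f"{artifact}: {len(findings)} finding(s) at or above threshold"]
    for f in findings:
        fix = f"fix: upgrade to {f['fixed']}" if f["fixed"] else "no fix available"
        lines.append(f"  [{f['severity']}] {f['id']} {f['package']} "
                     f"{f['installed']} ({fix}) in {f['target']}")
    return "\n".join(lines)


def gate(report_json, min_severity="HIGH", ignore_ids=()):
    """Return (exit_code, message); exit code 1 fails the CI job."""
    findings = parse_findings(report_json, min_severity, ignore_ids)
    artifact = json.loads(report_json).get("ArtifactName", "<unknown>")
    if not findings:
        return 0, f"{artifact}: no findings at or above {min_severity}"
    return 1, build_alert(artifact, findings)


if __name__ == "__main__":
    # In a job: trivy image --format json -o report.json IMAGE && python gate.py report.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, text = gate(data)
    print(text)
    sys.exit(code)
```

The `ignore_ids` parameter is where accepted-risk exceptions go; keeping that list in the repository next to the pipeline definition makes every suppression reviewable in the same code review (Gerrit, merge request) as the code it covers. The non-zero exit is what actually blocks the pipeline stage; the alert text is only the notification.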
DevSecOps Introduction Video: https://www.youtube.com/watch?v=42UP1fxi2SY
API categories to inventory:
- Internal
- Third party
- Shadow
- Partner
- External
- Orphaned
- Unknown
Tools:
- https://www.metlo.com/
- https://www.zaproxy.org/
- https://github.com/flipkart-incubator/Astra
- https://www.traceable.ai
Resources:
- https://www.youtube.com/watch?v=iIKws2_0j34&t=242s
- https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools