  • Stars: 142
  • Rank 258,495 (Top 6 %)
  • Language
  • Created about 10 years ago
  • Updated almost 6 years ago

Repository Details

This repository contains information about DevSecOps and how to get involved in this community effort.

DevSecOps

Welcome to the DevSecOps initiative and software repositories. These repositories are meant to help build a community around DevOps + Security experimentation and lessons intended to help scale and deliver Rugged software. This is the primary repository to help with understanding the mission and getting involved. This is an actively evolving project and is intended to change over time.

This DevSecOps repository has been created to help security practitioners to understand DevSecOps, how to operate, and how to contribute to this effort.

What is DevSecOps?

In summary, DevSecOps is a Rugged experiment intended to help us understand how to operate and scale Security to support DevOps. Several years ago, many of us realized that Josh Corman was right: "This is the end of Security as we know it." And to ensure the continued safety of the software developed via DevOps, we decided to lean in to experiment and learn what was required to scale security decisions and speed up security feedback for DevOps teams.

You can find more details here: What is DevSecOps? and also by reading the LinkedIn post first introduced on the DevSecOps web site.

More Repositories

1. awesome-devsecops (4,394 stars)
   An authoritative list of awesome devsecops tools with help from community experiments and contributions.

2. bootcamp (Shell, 646 stars)
   An open-contribution bootcamp to develop DevSecOps skills...

3. defcon-workshop (Python, 65 stars)

4. wardley-maps (45 stars)
   A repository for wardley maps related to security topics.

5. raindance (GCC Machine Description, 43 stars)
   Project intended to make Attack Maps part of software development by reducing the time it takes to complete them.

6. radar (Ruby, 18 stars)
   Radar provides for early checks and review for software-defined templates.

7. assumer (Ruby, 18 stars)
   An AWS cross-account tool to support human access with MFA for the CLI and GUI.

8. firebolt (Ruby, 16 stars)
   A platform to create, catalog and deploy tests for tools such as Gauntlt, AttackIQ and Metasploit.

9. ssl_checks (Shell, 16 stars)
   This repo contains a collection of scripts to help with checks for SSL.

10. forecast (Ruby, 15 stars)
    Forecast is a big data environment for understanding security anomalies as they are presented in a project and is meant to aid in the collection of data for the end-to-end CICD pipeline.

11. playbook (9 stars)
    Coordination is key to success and originates from experiments that begin with manual operations and later get automated to scale. Playbook helps with this process and provides an automation framework to support this maturation process.

12. x-bootcamp (GCC Machine Description, 9 stars)
    An extreme bootcamp to enable teams to build DevSecOps into their environment.

13. controlplane (8 stars)
    Your infrastructure is moving and so is your root of trust. This project helps to define a new control plane for locking down access and policies.

14. science (7 stars)
    It's time for some serious insights and for sharing the wealth. Here, we'll share the science behind making security decisions.

15. selfie (Ruby, 7 stars)

16. devsecops.github.io (CSS, 6 stars)
    We host the DevSecOps projects site on GitHub Pages with the interface located here.

17. weatherman (5 stars)
    Weatherman helps with visualizing security information and metrics for DevOps teams to remediate defects.

18. heroes (4 stars)
    Everyone is a hero in their own way. This repo provides a means of capturing the stories for DevSecOps heroes.

19. restacker (Ruby, 4 stars)

20. assumer-go (Go, 1 star)

21. atls (JavaScript, 1 star)

22. wm (1 star)
    An automation framework for finding and reporting bugs using chains.