DevSecOps & Pipeline Security
Tools for integrating security into the development pipeline and DevOps processes.
Checkov
Checkov is a static code analysis tool for infrastructure-as-code (IaC) configurations, ensuring security and compliance across various cloud platforms.
DefectDojo
A unified DevSecOps platform for managing vulnerabilities and security posture across multiple tools and projects.
tfsec
A security scanner for Terraform configurations that identifies potential vulnerabilities through static analysis.
Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
KICS
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
PagerDuty Full Service Ownership Documentation
guide to help teams transition to a full-service ownership model.
TerraGoat
TerraGoat is a Terraform repository designed to demonstrate common configuration errors in cloud environments.
Hammer
Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
PagerDuty DevSecOps Documentation
A guide for integrating security into the development and operations lifecycle, emphasizing the importance of early security checks and cross-team collaboration.
Bridgecrew
Bridgecrew automates the identification and remediation of misconfigurations in cloud infrastructure, leveraging its open-source tool Checkov for static analysis of IaC templates.
Pulumi
Pulumi is an Infrastructure as Code (IaC) platform that allows developers to manage cloud resources using familiar programming languages.
SecHub
A unified integration mechanism for managing multiple security tools and scanners through a simple API/client interface.