DevSecOps & Pipeline Security
Tools for integrating security into the development pipeline and DevOps processes.
Fortify on Demand
A cloud-based application security service that integrates security testing into the DevOps toolchain.
TerraGoat
TerraGoat is a Terraform repository designed to demonstrate common configuration errors in cloud environments.
JFrog Xray
A software composition analysis (SCA) solution that identifies vulnerabilities in open-source components and license compliance violations.
Hammer
Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
PagerDuty Full Service Ownership Documentation
guide to help teams transition to a full-service ownership model.
PagerDuty DevSecOps Documentation
A guide for integrating security into the development and operations lifecycle, emphasizing the importance of early security checks and cross-team collaboration.
Pulumi
Pulumi is an Infrastructure as Code (IaC) platform that allows developers to manage cloud resources using familiar programming languages.
SecHub
A unified integration mechanism for managing multiple security tools and scanners through a simple API/client interface.
Anchore DevSecOps
A solution for integrating security measures throughout the software development lifecycle, focusing on vulnerability scanning, secrets detection, and malware identification.
CloudWorks
CloudWorks is a cloud security tool developed by the Air Force Research Laboratory that focuses on securing software development and deployment.
SonarQube
A robust static code analysis tool for maintaining high code quality and security in software projects.