├── README.md └── DevSecOps.md /README.md: -------------------------------------------------------------------------------- 1 | # LearningDevOpsUkraine 2 | 3 | **Доброго всім дня.** 4 | 5 | **Це невеличкий конспект з допомоги тим, хто хоче вивчати DevOps у 2023 році.** 6 | 7 | **Матеріали тут зустрічаються трьома мовами - українською, англійською та мовою країни-загарбника. На жаль, зовсім без останніх обійтися було неможливо, бо для новачків такі пояснення нерідко є зрозумілішими, особливо коли рівень англійської вдосконалюється по ходу справи. Але, як сказав класик, і чужому навчайтесь, і свого не цурайтесь.** 8 | 9 | *Перелік не є закінченим. Доповнення і зауваження дуже вітаються.* 10 | 11 | *Також дякую телеграм-спільноті https://t.me/DevOpsMarathon та її очільнику - @edemus, 12 | телеграм-спільноті DevOps Geeks та україномовному каналу [DevOps 01](https://www.youtube.com/@DevOps01).* 13 | 14 | **[Never give up!](https://www.youtube.com/watch?v=GC5E8ie2pdM&ab_channel=TinaTurner)** 15 | 16 |
17 | Taste IT! 18 | 19 | ![alt text](https://github.com/allozavrr/Screenshots/blob/main/DevopsBurger.png "Taste IT!") 20 |
21 | 22 | # Table of Contents 23 | 24 | - **[Roadmaps](#roadmaps)** 25 | - **[Resouses](#resourses)** 26 | - **[Computer Science Guide](#computer-science-guide)** 27 | - **[Courses](#courses)** 28 | - **[Youtube](#youtube)** 29 | - **[Github](#github)** 30 | - **[Labs/Trainings](#labs--trainings)** 31 | - *[Trainings](#trainings)* 32 | - *[Coding](#coding)* 33 | - **[Git](#git)** 34 | - **[Linux](#linux)** 35 | - **[Networking](#networking)** 36 | - **[CI/CD](#cicd)** 37 | - **[Ansible](#ansible)** 38 | - **[Jenkins](#jenkins)** 39 | - **[Gitlab](#gitlab)** 40 | - **[Infrastructure as code](#infrastructure-as-code)** 41 | - **[Containerization](#containerization)** 42 | - **[Docker](#docker)** 43 | - **[Kubernetes](#kubernetes)** 44 | - **[Clouds](#clouds)** 45 | - **[AWS](#aws)** 46 | - **[Microsoft Azure](#microsoft-azure)** 47 | - **[Google Cloud Platform](#google-cloud-plarform)** 48 | - **[Programming and Scripting](#programming-and-scripting)** 49 | - **[Bash](#bash)** 50 | - *[Games for Bash learning](#games-for-bash-learning)* 51 | - **[Powershell](#powershell)** 52 | - **[Python](#python)** 53 | - **[Go](#go)** 54 | - **[Rust](#rust)** 55 | - **[SQL](#sql)** 56 | - **[Monitoring](#monitoring)** 57 | - **[DevSecOps](#devsecops)** 58 | - **[Interview](#interview)** 59 | - **[English](#english)** 60 | 61 | 62 | ## Roadmaps 63 | 64 | **Цей розділ присвячено роадмапам для зручності навчання та самопідготовки.** 65 | 66 | | Name | URL | Description | Meta | 67 | | :---------- | :---------- | :---------- | :----------: | 68 | | **90DaysOfDevOps** | [github.com/MichaelCade/90DaysOfDevOps](https://github.com/MichaelCade/90DaysOfDevOps) | The most famous roadmap for newbies DevOps-engineers |![Git Secrets](https://img.shields.io/github/stars/MichaelCade/90DaysOfDevOps?style=for-the-badge) | 69 | | **Another DevOps Roadmap** | [github.com/milanm/DevOps-Roadmap](https://github.com/milanm/DevOps-Roadmap) | Another detailed DevOps roadmap |![Git Secrets](https://img.shields.io/github/stars/milanm/DevOps-Roadmap?style=for-the-badge) | 70 | | **DevOps-Roadmap** | [github.com/devopshobbies/devops-roadmap](https://github.com/devopshobbies/devops-roadmap) | DevOps Roadmap by Ahmadali Bagheri (free resourses included) |![Git Secrets](https://img.shields.io/github/stars/devopshobbies/devops-roadmap?style=for-the-badge) | 71 | | **Become A DevOps Engineer in 2023** | [devopscube.com](https://devopscube.com/become-devops-engineerhttps://devopscube.com/become-devops-engineer) | Simple and nice roadmap | | 72 | | **DevOps Roadmap** | [roadmap.sh/devops](https://roadmap.sh/devops?r=devops-beginner) | FOR NEWBIE! Step by step guide for DevOps, SRE or any other Operations Role | | 73 | | **DevOps Roadmap** | [roadmap.sh](https://roadmap.sh/devops) | Step by step guide for DevOps, SRE or any other Operations Role in 2023 | | 74 | | **DevOps Roadmap** | [techworld-with-nana.com](https://www.techworld-with-nana.com/devops-roadmap) | Step by step guide outlining the most efficient path to become a DevOps engineer by TechWorld with Nana | | 75 | | **Learn to Cloud** | [learntocloud.guide](https://learntocloud.guide/docs/Welcome) | Skills you need to learn to get into Cloud Computing | | 76 | | **From Zero to DevOps Engineer - DevOps Roadmap for YOUR specific background** | [YouTube](https://www.youtube.com/watch?v=G_nVMUtaqCk&ab_channel=TechWorldwithNana) | Roadmap in a video | | 77 | | **Как стать DevOps Инженером с Нуля, что учить и в каком порядке** | [YouTube](https://www.youtube.com/watch?v=AxCgZ7yUKrU&list=PLg5SS_4L6LYuu1RAT4l1tCkZrJzkIaNgL&index=8&t=14s&ab_channel=ADV-IT) | Roadmap in a video | | 78 | 79 | 80 | 81 | ## Resourses 82 | 83 | **Цей розділ містить посилання на корисні ресурси для DevOps-інженерів.** 84 | 85 | | Name | URL | Description | Meta | 86 | | :---------- | :---------- | :---------- | :----------: | 87 | | **Ukrainian IT Communities** | [github.com/nikit0ns/Ukrainian_IT_Communities#-devops](https://github.com/nikit0ns/Ukrainian_IT_Communities#-devops) | Українські DevOps коммʼюніті і не тільки |![Git Secrets](https://img.shields.io/github/stars/nikit0ns/Ukrainian_IT_Communities?style=for-the-badge) | | 88 | 89 | ### Computer Science Guide 90 | 91 | | Name | URL | Description | Meta | 92 | | :---------- | :---------- | :---------- | :----------: | 93 | | **TeachYourselfCS-UK** | [github.com/babieiev/TeachYourselfCS-UK/](https://github.com/babieiev/TeachYourselfCS-UK/) | Збірник-посібник для самостійного фундаментального вивчення компʼютерних наук |![Git Secrets](https://img.shields.io/github/stars/babieiev/TeachYourselfCS-UK?style=for-the-badge) | | 94 | | **TeachYourselfCS-EN** | [github.com/ossu/computer-science](https://github.com/ossu/computer-science) | The same in English |![Git Secrets](https://img.shields.io/github/stars/ossu/computer-science?style=for-the-badge) | | 95 | | **CS50** | [YouTube](https://www.youtube.com/playlist?list=PLawfWYMUziZqyUL5QDLVbe3j5BKWj42E5) | Основы программирования: Легендарный Гарвардский курс CS50 (2015 - old but gold) |ru | | 96 | 97 | ### Courses 98 | 99 | *Вказані добірки курсів та платформ зазвичай платні, якщо не зазначено інше (безкоштовні навчальні матеріали розміщені у відповідних розділах).* 100 | 101 | | Name | URL | Description | Language | 102 | | :---------- | :---------- | :---------- | :----------: | 103 | | **Ресурси для вивчення DevOps-теми** | [dou.ua](https://dou.ua/forums/topic/42056/?from=similar_topics) | Підбірка ресурсів для вивчення DevOps від DOU |UA | | 104 | | **ITSkills4U** | [itskills4u.com.ua](https://itskills4u.com.ua/) | FREE! Developed by AWS, the program includes AWS Cloud training programs and certification, English and Polish language classes, mentorship, and access to job opportunities |EN | | 105 | | **StanfordOnline** | [edx.org](https://www.edx.org/school/stanfordonline?irclickid=WNB0XoxkWxyPRWhxQeRIaxGNUkF2qCQE-0kN1U0) | FREE! online courses from Stanford University |EN | | 106 | | **Become A DevOps Engineer in 2023: A Practical Roadmap** | [devopscube.com](https://devopscube.com/become-devops-engineer) | Strong recommended roadmap with FREE courses |EN | | 107 | | **Cantrill** | [acloud.guru](https://learn.cantrill.io/courses) | Paid online courses from Cantrill |EN | | 108 | | **A Cloud Guru** | [acloud.guru](https://acloud.guru/) | Paid online courses from A Cloud Guru |EN | | 109 | | **KodeKloud** | [kodekloud.com](https://kodekloud.com/) | Paid online courses from KodeKloud |EN | | 110 | | **O’Reilly** | [oreilly.com](https://www.oreilly.com/) | Paid online courses from O’Reilly |EN | | 111 | | **CBT Nuggets** | [cbtnuggets.com](https://www.cbtnuggets.com/) | Paid online courses from CBT Nuggets - a lot of trainings |EN | | 112 | | **Educative Accelerates Developer Productivity** | [educative.io](https://www.educative.io/) | Paid online courses on programming, cloud computing, data Science, machine Learning (no video, only practice) |EN | | 113 | 114 | ### Youtube 115 | 116 | | Name | URL | Description | Language | 117 | | :---------- | :---------- | :---------- | :----------: | 118 | | **DevOps01** | [Youtube](https://www.youtube.com/@DevOps01) | DevOps курси украінською мовою |UA | | 119 | | **DOU DevOps** | [Youtube](https://www.youtube.com/playlist?list=PLwj_3ikgO3CLZM1Jm_n5gw2CcoKMaKgD5) | Корисні підкасти DOU DevOps спільноти |UA | | 120 | | **CatOps** | [Youtube](https://www.youtube.com/@catops/playlists) | Корисні підкасти CatOps спільноти |UA | | 121 | | **Денис Васильєв** | [Youtube](https://www.youtube.com/@DenysVasyliev) | Senior про DevOps |UA | | 122 | | **DataArt Online** | [Youtube](https://www.youtube.com/playlist?list=PLU6_HdJGVDx93bE8cb3gpwRzJX57C1wvt) | Плейлист про DevOps від DataArt Online |UA | | 123 | | **AWS User Group Ukraine Lviv** | [Youtube](https://www.youtube.com/@awsusergroupukrainelviv1181/videos) | Канал із записами мітапів львівського AWS ком'юніті |UA | | 124 | | **Tech World with Nana** | [YouTube](https://www.youtube.com/@TechWorldwithNana) | Really needed materials about all DevOps hard-skills |EN | | 125 | | **NetworkChuck** | [YouTube](https://www.youtube.com/@NetworkChuck/playlists) | CCNA, CompTIA A+, CompTIA Network+ |EN | | 126 | | **Just me and Opensource** | [YouTube](https://www.youtube.com/@justmeandopensource/playlists) | A lot of trainings of DevOps tools, nice and full Kubernetes guide |EN | | 127 | | **DevOpsLearnEasy** | [YouTube](https://www.youtube.com/@DevOpsLearnEasy/videos) | Not just any course but a training that explains concepts from the absolute basics to the complex ones |EN | | 128 | | **Курсы: Школа DevOps v.1.0** | [YouTube](https://www.youtube.com/playlist?list=PLGQiJX6wM-zzcPye1y7gpyJO0uH7NMNP7) | Старенькі, але базові курси по основам DevOps |ru | | 129 | | **Лекторий по SRE** | [YouTube](https://www.youtube.com/playlist?list=PLjCCarnDJNstX36A6Cw_YD28thNFev1op) | Відеокурс по SRE DevOpsʼу для прокачки досвіду |ru | | 130 | 131 | ### Github 132 | 133 | | Name | URL | Description | Meta | 134 | | :---------- | :---------- | :---------- | :----------: | 135 | | **DevOps Bash Tools** | [github.com/HariSekhon/DevOps-Bash-tools](https://github.com/HariSekhon/DevOps-Bash-tools) | Scripts for many popular DevOps technologies |![Git Secrets](https://img.shields.io/github/stars/HariSekhon/DevOps-Bash-tools?style=for-the-badge) | 136 | | **DevOps resources** | [github.com/bregman-arie/devops-resources](https://github.com/bregman-arie/devops-resources) | This repository is about gathering any useful resources and information regarding DevOps |![Git Secrets](https://img.shields.io/github/stars/bregman-arie/devops-resources?style=for-the-badge) | 137 | | **How They DevOps** | [github.com/bregman-arie/howtheydevops](https://github.com/bregman-arie/howtheydevops) | A curated collection of publicly available resources on how companies around the world practice DevOps |![Git Secrets](https://img.shields.io/github/stars/bregman-arie/howtheydevops?style=for-the-badge) | 138 | | **DevOps exercises** | [github.com/bregman-arie/devops-exercises](https://github.com/bregman-arie/devops-exercises) | This repo contains questions and exercises on various technical topics, sometimes related to DevOps and SRE |![Git Secrets](https://img.shields.io/github/stars/bregman-arie/devops-exercises?style=for-the-badge) | 139 | | **Free DevOps Books** | [github.com/rootusercop/Free-DevOps-Books-1](https://github.com/rootusercop/Free-DevOps-Books-1/tree/master) | This is a curated collection of free DevOps eBooks available on the Internet |![Git Secrets](https://img.shields.io/github/stars/bootusercop/Free-DevOps-Books-1?style=for-the-badge) | 140 | | **Awesome Site Reliability Engineering** | [github.com/dastergon/awesome-sre](https://github.com/dastergon/awesome-sre) | A curated list of awesome Site Reliability and Production Engineering resources |![Git Secrets](https://img.shields.io/github/stars/astergon/awesome-sre?style=for-the-badge) | 141 | | **SRE Learning Platform** | [github.com/ViktorUJ/cks](https://github.com/ViktorUJ/cks) | An open-source hub designed to help IT engineers effectively prepare for the CKA, CKS, and CKAD exams |![Git Secrets](https://img.shields.io/github/stars/ViktorUJ/cks?style=for-the-badge) | 142 | | **Test your Sysadmin skills** | [github.com/trimstray/test-your-sysadmin-skills](https://github.com/trimstray/test-your-sysadmin-skills) | This project contains 284 test questions and answers that can be used as a test your knowledge or during an interview such as Linux/Networks |![Git Secrets](https://img.shields.io/github/stars/trimstray/test-your-sysadmin-skills?style=for-the-badge) | 143 | | **DevOps-Bash-tools** | [github.com/HariSekhon/DevOps-Bash-tools](https://github.com/HariSekhon/DevOps-Bash-tools) | Scripts for many popular DevOps technologies |![Git Secrets](https://img.shields.io/github/stars/HariSekhon/DevOps-Bash-tools?style=for-the-badge) | 144 | | **Coding Interview University** | [github.com/jwasham/coding-interview-university](https://github.com/jwasham/coding-interview-university) | A short to-do list of study topics for becoming a software engineer (useful for your coding skills) |![Git Secrets](https://img.shields.io/github/stars/jwasham/coding-interview-university?style=for-the-badge) | 145 | 146 | ### Labs / Trainings 147 | 148 | #### Trainings 149 | 150 | | Name | URL | Description | Language | 151 | | :---------- | :---------- | :---------- | :----------: | 152 | | **Kllr shll** | [killer.sh](https://killer.sh/) | Linux Foundation Exam Simulators (Linux & Kubernetes Exam Prep) |EN | | 153 | 154 | #### Coding 155 | 156 | *Тренажери для прокачки скілу програмування будь-якою мовою.* 157 | 158 | | Name | URL | Description | Language | 159 | | :---------- | :---------- | :---------- | :----------: | 160 | | **LeetCode** | [leetcode.com](https://leetcode.com/) | The best platform to help you enhance your skills, expand your knowledge and prepare for technical interviews |EN | | 161 | | **Codewars** | [codewars.com](https://www.codewars.com/) | Improve your development skills by training with your peers on code kata that continuously challenge and push your coding practice |EN | | 162 | | **CodingDrills** | [codingdrills.com](https://www.codingdrills.com/) | Practice your coding skills with Ada, your personal AI tutor |EN | | 163 | 164 | ## Git 165 | 166 | **Матеріали для ознайомлення з системою контролю версій Git (VCS).** 167 | 168 | | Name | URL | Description | Language | 169 | | :---------- | :---------- | :---------- | :----------: | 170 | | **Git, GitHub, & GitHub Desktop for beginners** | [Youtube](https://www.youtube.com/watch?v=8Dd7KRpKeaE&ab_channel=CoderCoder) | Step by step guide for DevOps, SRE or any other Operations Role in 2023 |EN | | 171 | | **Course: Git for Beginners** | [Youtube](https://www.youtube.com/playlist?list=PLYQSCk-qyTW3lX_dyw0R2eVzNGB3Tlv9S) |Git for Beginners short guide |EN | | 172 | | **Скринкаст по Git** | [Youtube](https://www.youtube.com/watch?v=W4hoc24K93E&list=PLDyvV36pndZFHXjXuwA_NywNrVQO0aQqb) | Основні функції Git |ru | | 173 | | **Основы Git, GitHub и GitHub Actions** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYstwxTEOU05E0URTHnbtA0l) | Курс по Git, GitHub та GitHub Actions |ru | | 174 | | **GitHub Actions Tutorial** | [Youtube](https://www.youtube.com/watch?v=R8_veQiYBjI&ab_channel=TechWorldwithNana) | GitHub Actions Tutorial from TechWorld with Nana |EN | | 175 | | **Git для розподіленої розробки програмного забезпечення** | [prometheus.org.ua](https://apps.prometheus.org.ua/learning/course/course-v1:LinuxFoundation+INTRO101+2023_T1/home) | Базовий Git від The Linux Foundation |UA | | 176 | | **Git Tutorial for Beginners** | [w3schools.com](https://www.w3schools.com/git/default.asp?remote=github) | Git простими словами для початківців |EN | | 177 | | **Pro Git book. Підручник** | [git-scm.com](https://git-scm.com/book/uk/v2) | Основи Git. Підручник |UA | | 178 | | **The Git Community Book** | [uleming.github.io](https://uleming.github.io/gitbook/index.html) | Добрі матеріали по Git у вигляді документації |ru | | 179 | | **Конспект з Git** | [githowto](https://githowto.com/uk) | Гарно структурований конспект-задачник |UA | | 180 | | **Інтерактивний тренажер з Git** | [learngitbranching.js.org](https://learngitbranching.js.org/?locale=uk) | Гарний тренажер-задачник з Git |EN/UA | | 181 | 182 | 183 | 184 | ## Linux 185 | 186 | **Розділ для вдосконалення знань з Linux - для новачків та не тільки.** 187 | 188 | | Name | URL | Description | Language | 189 | | :---------- | :---------- | :---------- | :----------: | 190 | | **Уроки Linux для начинающих** | [Youtube](https://www.youtube.com/playlist?list=PL0lO_mIqDDFUwVWvVitxG2oXA6a-Nq-Qq) | Гайд для початківців від Гоші Дударя |ru | | 191 | | **Linux Essentials** | [Youtube](https://www.youtube.com/playlist?list=PLmxB7JSpraiep6kr802UDqiAIU-76nGfc) | Підготовка віртуальної машини для роботи з Linux від Кирила Сємаєва |ru | | 192 | | **Hacker School Linux** | [Youtube](https://www.youtube.com/playlist?list=PL86fNax1UdKvgWOkgtm_opAYbo5kGtQ88) | Курс для початківців Linux від Hacker School |ru | | 193 | | **ADV-IT Linux для Начинающих** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYuE4z-3BgLYGkZrs-cF4Tep) | Курс для початківців з Linux від ADV-IT |ru | | 194 | | **ADV-IT Linux НЕ для Начинающих** | [Youtube](https://www.youtube.com/watch?v=hb1jtBm71MY&list=PLg5SS_4L6LYsgy5qLYZtvoaV34zn5iKPe&ab_channel=ADV-IT) | Курс для поглиблення знань з Linux від ADV-IT |ru | | 195 | | **LPIC-1 (exam 101)** | [Youtube](https://www.youtube.com/playlist?list=PLmxB7JSpraiep6kr802UDqiAIU-76nGfc) | Підготовка до екзамену LPIC-1 (exam 101) від Кирила Сємаєва |ru | | 196 | | **LPIC-2 (exam 201)** | [Youtube](https://www.youtube.com/playlist?list=PLmxB7JSpraidTqByo0ihkyExIbKfAB-B9) | Підготовка до екзамену LPIC-2 (exam 201) від Кирила Сємаєва |ru | | 197 | | **Server. Linux. Системы и решения** | [Youtube](https://www.youtube.com/playlist?list=PLqVeG_R3qMSysWrn9lqcyxP50INzqAnbN) | Поглиблені та специфічні теми з Linux від RomNero |ru | | 198 | | **Into the Terminal (Red Hat Enterprise Linux)** | [Youtube](https://www.youtube.com/playlist?list=PLXJyD2dL4oqeX-C3MvsMUJuEzWM4vLK2C) | Critical Administration Skills for Red Hat Enterprise Linux |EN | | 199 | | **Linux Operating System — Crash Course for Beginners** | [Youtube](https://www.youtube.com/playlist?list=PLXJyD2dL4oqeX-C3MvsMUJuEzWM4vLK2C) | Learn the basics of the Linux Operating System in this crash course for beginners (in 3 hours) |EN | | 200 | | **Основи Linux** | [prometheus.org.ua](https://apps.prometheus.org.ua/learning/course/course-v1:LinuxFoundation+INTRO_LINUX101+2023_T1/home) | Базовий Linux від The Linux Foundation |UA | | 201 | | **The Linux Basic Course** | [Youtube](https://www.youtube.com/playlist?list=PLtK75qxsQaMLZSo7KL-PmiRarU7hrpnwK) | All beginners should know for system administration, cloud infrastructure, DevOps, programming |EN | | 202 | | **Linux Fundamentals** | [coursera.org](https://www.coursera.org/learn/linux-fundamentals) | Basic part of the Learning Linux for LFCA Certification Specialization |EN | | 203 | | **Linux Essentials** | [learning.lpi.org](https://learning.lpi.org/en/learning-materials/010-160/) | Basic part of the Learning Linux for LPIC Professional Certification track |EN | | 204 | 205 | 206 | ## Networking 207 | 208 | **Розділ для вивчення та повторення компʼютерних мереж.** 209 | 210 | | Name | URL | Description | Language | 211 | | :---------- | :---------- | :---------- | :----------: | 212 | | **Компьютерные сети, учебный курс** | [Youtube](https://www.youtube.com/playlist?list=PLtPJ9lKvJ4oiNMvYbOzCmWy6cRzYAh9B1) | Курс для початківців по мережам від Андрія Созикіна |ru | | 213 | | **Компьютерные сети. Продвинутые темы** | [Youtube](https://www.youtube.com/playlist?list=PLtPJ9lKvJ4oh_w4_jtRnKE11aqeRldCFI) | Курс для поглиблення знань по мережам від Андрія Созикіна |ru | | 214 | | **Практики по компьютерным сетям** | [Youtube](https://www.youtube.com/playlist?list=PLtPJ9lKvJ4oiKPQ9GXOvntj44Eu8IGAJK) | Детальне вивчення протоколів від Андрія Созикіна |ru | | 215 | | **Защищенные сетевые протоколы** | [Youtube](https://www.youtube.com/playlist?list=PLtPJ9lKvJ4oiFnWCsVRElorOLt69YDEnv) | TLS, SSl, HTTPS від Андрія Созикіна |ru | | 216 | | **Лекции по курсу Компьютерные сети** | [Youtube](https://www.youtube.com/playlist?list=PLf4R2kS4aMYazLYKqz1hQi_Upz0rfLFjy) | Лекції Артема Береснева по курсу Компʼютерні мережі |ru | | 217 | | **Курсы Cisco CCNA 200-301** | [Youtube ч.1](https://www.youtube.com/playlist?list=PL0MV6px_XdxDJLaePIpq7PPllVLdL_kw_) | Cisco CCNA p.1 |ru | | 218 | | **Курсы Cisco CCNA 200-301** | [Youtube ч.2](https://www.youtube.com/playlist?list=PL0MV6px_XdxCkDz7yNCulKlK2I7144Yae) | Cisco CCNA p.2 |ru | | 219 | | **Уроки Cisco. От простого к интересному** | [Youtube](https://www.youtube.com/playlist?list=PL7CmqnO_QydgI7FyoWR6HVUZr-OOFxfXp) | Курс для початківців по Cisco |ru | | 220 | | **Уроки Cisco Packet Tracer** | [Youtube](https://www.youtube.com/playlist?list=PLpFle7-wFzL5991JNn-J0LnVn6_6tDacB) | Курс для початківців по Cisco Packet Tracer |ru | | 221 | | **CompTIA Network+ N10-007 Training Course** | [Youtube](https://www.youtube.com/playlist?list=PLG49S3nxzAnmpdmX7RoTOyuNJQAb-r-gd) | CompTIA Network+ N10-007 Exam Prep |EN | | 222 | | **Computer Networks Neso Academy** | [Youtube](https://www.youtube.com/playlist?list=PLBlnK6fEyqRgMCUAG0XRw78UA8qnv6jEx) | Fundamental Network course |EN | | 223 | | **Computer Networks** | [Youtube](https://www.youtube.com/playlist?list=PLBlnK6fEyqRgMCUAG0XRw78UA8qnv6jEx) | OS-based Network course from Neso Academy |EN | | 224 | | **Computer Networking Course - Network Engineering** | [Youtube](https://www.youtube.com/watch?v=qiQR5rTSshw&ab_channel=freeCodeCamp.org) | CompTIA Network+ Exam Prep from freeCodeCamp.org |EN | | 225 | | **Free CCNA 200-301 - Complete Course 2023** | [Youtube](https://www.youtube.com/playlist?list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ) | CompTIA Network+ Exam Prep from Jeremy's IT Lab |EN | | 226 | | **Cisco Networking Academy - Networking Basics** | [skillsforall.com](https://skillsforall.com/course/networking-basics?courseLang=en-US) | Basic Network course |EN | | 227 | | **Network Fundamentals Course** | [educative.io](https://www.educative.io/module/An5VrvSlLQN6R6N8y/10370001/4813190514343936) | Practical Network course |EN | | 228 | | **Free CCNA Course – the most complete guide** | [ictshore.com](https://www.ictshore.com/free-ccna-course-start/) | Complete CCNA guide (text) |EN | | 229 | | **Tech Fundamentals** | [cantrill.io](https://learn.cantrill.io/p/tech-fundamentals) | Foundational technical knowledge you need to succeed in the tech industry |EN | | 230 | 231 | 232 | ## CI/CD 233 | 234 | **CI/CD та які тулзи у ньому використовуються.** 235 | 236 | | Name | URL | Description | Language | 237 | | :---------- | :---------- | :---------- | :----------: | 238 | | **DevOps Big Picture (On-Premises)** | [itnext.io](https://itnext.io/devops-big-picture-on-premises-d07f61d6c34c) | An overview of DevOps best practices and tools for on-premises environments |EN | | 239 | | **DevOps Prerequisites Course - Getting started with DevOps** | [Youtube](https://www.youtube.com/watch?v=Wvf0mBNGjXY&ab_channel=freeCodeCamp.org) | The course covers the basic prerequisites knowledge needed for your journey into the Cloud and DevOps world |EN | | 240 | | **Курсы: CICD (сентябрь 2020)** | [Youtube](https://www.youtube.com/playlist?list=PLGQiJX6wM-zzEcA_0Wn3SIL8MyammjqSH) | Старенький курс, але для розуміння, що таке CI/CD підійде |ru | | 241 | | **CI/CD intro** | [Youtube](https://www.youtube.com/playlist?list=PLZgiAwkeHf_Z4szrqERIMzLkplO2F5D8N) | Введення у CI/CD від DevOps01 |UA | | 242 | | **Що робити після того, як програма написана? Практичний погляд на SDLC, CI/CD, DevOps для початківців** | [Youtube](https://www.youtube.com/watch?v=zGyXsxNAdt4&t=1s&ab_channel=%D0%9F%D1%80%D0%BE%D1%81%D1%82%D0%BE%D0%BF%D1%80%D0%BE%D0%86%D0%A2) | Невеликий огляд (не курс!), що таке CI/CD |UA | | 243 | | **DevOps Tools Periodic Table** | [digital.ai](https://digital.ai/learn/devops-periodic-table/) | The Periodic Table of DevOps Tools |EN | | 244 | | **DevOps Project Examples** | [devopsrealtime.com](https://devopsrealtime.com/category/projects/) | DevOps project Examples |EN | | 245 | | **Cognitiveclass.ai** | [cognitiveclass.ai](https://cognitiveclass.ai/courses?type%5B%5D=all&sort%5B%5D=most_popular&skills%5B%5D=devops) | DevOps project small Guides |EN | | 246 | 247 | ### Ansible 248 | 249 | | Name | URL | Description | Language | 250 | | :---------- | :---------- | :---------- | :----------: | 251 | | **Ansible** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYufspdPupdynbMQTBnZd31N) | Курс з Ansible від ADV-IT |ru | | 252 | | **Основы Ansible 2.9 для сетевых инженеров** | [Youtube](https://www.youtube.com/playlist?list=PLah0HUih_ZRnuI_K5-GV4FdAO9dVkRIGF) | Непоганий курс з Ansible для початківців |ru | | 253 | | **Practical DevOps: Ansible** | [Youtube](https://www.youtube.com/watch?v=othMODPm4Jk&ab_channel=DevOps01) | Курс з Ansible від DevOps01 |UA | | 254 | | **Ansible 101** | [Youtube](https://www.youtube.com/playlist?list=PL2_OBreMn7FqZkvMYt6ATmgC0KAGGJNAN) | Ansible 101 introduces Ansible for Linux server administration by Jeff Geerling |EN | | 255 | 256 | ### Jenkins 257 | 258 | | Name | URL | Description | Language | 259 | | :---------- | :---------- | :---------- | :----------: | 260 | | **Jenkins - Автоматизация CI/CD** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYufspdPupdynbMQTBnZd31N) | Курс по Jenkins від ADV-IT |ru | | 261 | 262 | ### Gitlab 263 | 264 | | Name | URL | Description | Language | 265 | | :---------- | :---------- | :---------- | :----------: | 266 | | **GitLab CI/CD** | [Youtube](https://www.youtube.com/playlist?list=PLqVeG_R3qMSzYe_s3-q7TZeawXxTyltGC) | Маленький курс по Gitlab від RomNero |ru | | 267 | | **GitLab CI CD Tutorial for Beginners [Crash Course]** | [Youtube](https://www.youtube.com/watch?v=qP8kir2GUgo&ab_channel=TechWorldwithNana) | 1-hour video building a complete GitLab CI/CD pipeline by TechWorldwithNan |EN | | 268 | 269 | 270 | 271 | ## Infrastructure as code 272 | 273 | **Розділ для тих, хто починає працювати з інструментами для Infrastructure as Code.** 274 | 275 | | Name | URL | Description | Language | 276 | | :---------- | :---------- | :---------- | :----------: | 277 | | **Terraform** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYujWDTYb-Zbofdl44Jxb2l8) | Terraform доступно від ADV-IT |ru | | 278 | | **Practical DevOps: Terraform 01** | [Youtube](https://www.youtube.com/watch?v=wOI7fpZYIJk&ab_channel=DevOps01) | Terraform для початківців від DevOps01 |UA | | 279 | | **Terraform - From Zero to Certified Professional** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYsUzsBeN8rPe1EoqKWhMlnF) | Terraform - From Zero to Certified Professional від ADV-IT |EN | | 280 | | **Terraform-The-Hard-Way** | [github.com/AdminTurnedDevOps](https://github.com/AdminTurnedDevOps/Terraform-The-Hard-Way) | This tutorial contains a full explanation of how to use Terraform in today's world |EN | | 281 | | **Awesome Terraform** | [github.com/shuaibiyy/awesome-terraform](https://github.com/shuaibiyy/awesome-terraform) | A curated list of resources on HashiCorp's Terraform |EN | | 282 | 283 | 284 | ## Containerization 285 | 286 | **Розділ з лінками на ресурси по контейнеризації та оркеструванню.** 287 | | Name | URL | Description | Language | 288 | | :---------- | :---------- | :---------- | :----------: | 289 | | **Containerization intro** | [Youtube](https://www.youtube.com/watch?v=E2YD8fa-q5Q&ab_channel=DevOps01) | Вступ до розуміння контейнеризації від DevOps01 |UA | | 290 | | **Containers deep dive** | [Youtube](https://www.youtube.com/watch?v=2gVDxcyeGIY&ab_channel=DevOps01) | Поглиблення у контейнеризацію від DevOps01 |UA | | 291 | | **Containerisation best practices** | [Youtube](https://www.youtube.com/watch?v=3rNUPHvZIII&ab_channel=DevOps01) | Best practices по контейнеризації від DevOps01 |UA | | 292 | 293 | 294 | ### Docker 295 | 296 | | Name | URL | Description | Language | 297 | | :---------- | :---------- | :---------- | :----------: | 298 | | **Контейнеризація та основи роботи з Docker** | [Youtube](https://www.youtube.com/watch?v=O0pTOjWlKbc&ab_channel=Bobocode) | Докер все-в-одному відео |UA | | 299 | | **Dev.DevOps: Docker** | [Youtube](https://www.youtube.com/playlist?list=PLpJNC8fNX1CRtS7SE6oB3MfZZ64RxCxa3) | Докер для початківців |ru | | 300 | | **Docker контейнеризация оркестрация контейнеров** | [Youtube](https://www.youtube.com/playlist?list=PLQuaNOtBP3TrePxRFjV4g4_fb9Tdol0DP) | Розгляди цікавих питань по Docker |ru | | 301 | | **Docker - Всё что нужно знать чтобы начать работать с Docker, все основы в одном уроке** | [Youtube](https://www.youtube.com/watch?v=I18TNwZ2Nqg&ab_channel=ADV-IT) | Docker доступно від ADV-IT |ru | | 302 | | **Docker - Полный курс Docker Для Начинающих** | [Youtube](https://www.youtube.com/watch?v=_uZQtRyF6Eg&t=6083s&ab_channel=BogdanStashchuk) | Гарний курс для початківців від Богдана Сташука |ru | | 303 | | **ZDay by Zfort: Docker** | [Youtube](https://www.youtube.com/playlist?list=PL5Xc41XnApvxs1haUwv2CYtgQApwe7oTK) | База для початківців від Дениса Прісухина |ru | | 304 | | **DevOps with Docker** | [devopswithdocker.com](https://devopswithdocker.com/) | Containers for Beginners |EN | | 305 | | **Docker Crash Course for Absolute Beginners** | [Youtube](https://www.youtube.com/watch?v=pg19Z8LL06w&ab_channel=TechWorldwithNana) | Docker Crash Course from TechWorld with Nana |EN | | 306 | | **Play with Docker Classroom** | [training.play-with-docker.com](https://training.play-with-docker.com/) | Mix of labs and tutorials that will help Docker users, including SysAdmins, IT Pros, and Developers |EN | | 307 | | **Docker Fundamentals** | [learn.cantrill.io](https://learn.cantrill.io/p/docker-fundamentals) | This course is designed to provide a comprehensive introduction to the world of Docker and containerization |EN | | 308 | 309 | ### Kubernetes 310 | 311 | | Name | URL | Description | Language | 312 | | :---------- | :---------- | :---------- | :----------: | 313 | | **Kubernetes Roadmap** | [roadmap.sh](https://roadmap.sh/kubernetes) | Kubernetes Roadmap |EN | | 314 | | **Kubernetes и его кубики** | [Youtube](https://www.youtube.com/watch?v=hzY1ny6umVA&ab_channel=OTUS%D0%9E%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD-%D0%BE%D0%B1%D1%80%D0%B0%D0%B7%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5) | Базове відео по Kubernetes |ru | | 315 | | **Kubernetes Уроки** | [Youtube](https://www.youtube.com/playlist?list=PL3SzV1_k2H1VDePbSWUqERqlBXIk02wCQ) | Непоганий курс для новачків по Kubernetes |ru | | 316 | | **Kubernetes** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYvN1RqaVesof8KAf-02fJSi) | Kubernetes від ADV-IT |ru | | 317 | | **Kubernetes Уроки** | [Youtube](https://www.youtube.com/playlist?list=PL3SzV1_k2H1VDePbSWUqERqlBXIk02wCQ) | Лист з уроками для початківців |ru | | 318 | | **Открытая вечерняя школа. Kubernetes для разработчиков** | [Youtube](https://www.youtube.com/playlist?list=PL8D2P0ruohOBSA_CDqJLflJ8FLJNe26K-) | Корисний великий плейлист для початківців |ru | | 319 | | **Kubernetes Tutorial for Beginners [FULL COURSE in 4 Hours]** | [Youtube](https://www.youtube.com/watch?v=X48VuDVv0do&ab_channel=TechWorldwithNana) | Big Beginners Kubernetes course |EN | | 320 | | **Kubernetes [FULL COURSE in 10 Hours]** | [Youtube](https://www.youtube.com/watch?v=y3WTwzx5ABk&ab_channel=edureka%21) | Kubernetes Tutorial is ideal for both beginners as well as professionals who want to master the fundamentals of Kubernetes |EN | | 321 | | **Основи Kubernetes** | [prometheus.org.ua](https://apps.prometheus.org.ua/learning/course/course-v1:LinuxFoundation+INTRO101+2023_T1/home) | Базовий Kubernetes від The Linux Foundation |UA | | 322 | | **DevOps with Kubernetes** | [devopswithkubernetes.com](https://devopswithkubernetes.com/) | Introduction to Kubernetes practices |EN | | 323 | | **Introduction to Kubernetes** | [edx.org](https://www.edx.org/course/introduction-to-kubernetes) | Big Kubernetes course |EN | | 324 | | **Just enough kubernetes to be dangerous** | [udemy.com](https://www.udemy.com/course/just-enough-kubernetes/) | Learn Kubernetes basics by practicing it |EN | | 325 | | **Kubernetes trainings** | [kube.academy](https://kube.academy/coursess) | Mini Kubernetes trainings by KubeAcademy |EN | | 326 | | **Play with Kubernetes** | [labs.play-with-k8s.com](https://labs.play-with-k8s.com/) | Kubernetes stand for labs |EN | | 327 | | **Kubernetes CheatSheet** | [minikube.sigs.k8s.io](https://minikube.sigs.k8s.io/docs/commands/) | MiniKube CheatSheets |EN | | 328 | | **Fast-Kubernetes** | [github.com/omerbsezer](https://github.com/omerbsezer/Fast-Kubernetes) | Kubernetes with LABs: Kubectl, Pod, Deployment, Service, PV, PVC, Rollout, Multicontainer, Daemonset, Taint-Toleration, Job, Ingress, Kubeadm, Helm |EN | | 329 | | **100 Days Of Kubernetes** | [100daysofkubernetes.io](https://100daysofkubernetes.io/) | 100 Days of Kubernetes is the challenge in which we aim to learn something new related to Kubernetes each day across 100 Days |EN | | 330 | | **Fast Kubernetes** | [github.com/omerbsezer](https://github.com/omerbsezer/Fast-Kubernetes) | This repo covers Kubernetes with LABs: Kubectl, Pod, Deployment, Service, PV, PVC, Rollout, Multicontainer, Daemonset, Taint-Toleration, Job, Ingress, Kubeadm, Helm, etc. |EN | | 331 | | **kubernetes-examples** | [github.com/AdminTurnedDevOps](https://github.com/AdminTurnedDevOps/kubernetes-examples) | This repo contains a bunch of Kubernetes examples |EN | | 332 | | **Kubernetes The Hard Way** | [github.com/kelseyhightower](https://github.com/kelseyhightower/kubernetes-the-hard-way) | This tutorial walks you through setting up Kubernetes the hard way |EN | | 333 | | **Meshery** | [meshery.io](https://meshery.io) | A self-service engineering platform and open source cloud native manager that enables the design and management of all Kubernetes-based infrastructure and applications (multi-cloud). | EN | | 334 | | **Kanvas** | [kanvas.new](https://kanvas.new) | A collaborative visual tool for designing and managing infrastructure, streamlining the process of planning and operating your digital architecture. | EN | | 335 | 336 | ## Clouds 337 | 338 | **Розділ для вивчення хмарних середовищ і де їх шукати.** 339 | 340 | | Name | URL | Description | Language | 341 | | :---------- | :---------- | :---------- | :----------: | 342 | | **Learn to Cloud** | [learntocloud.guide](https://learntocloud.guide/docs/Welcome) | Skills you need to learn to get into Cloud Computing |EN | | 343 | 344 | ### AWS 345 | 346 | | Name | URL | Description | Language | 347 | | :---------- | :---------- | :---------- | :----------: | 348 | | **AWS LEARNING PATH** | [AWS](https://aws.amazon.com/getting-started/learning-path-devops-engineer/) | Learning Path by AWS |EN | | 349 | | **AWS** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYsxrZ_4xE_U95AtGsIB96k9) | Дуже великий курс по AWS від ADV-IT |ru | | 350 | | **The Best AWS Cloud Projects To Get You Hired (For Beginners)** | [Youtube](https://www.youtube.com/watch?v=5RVT3BN9Iws&ab_channel=TechWithLucy) | 3 beginner-friendly AWS Cloud Projects you can start building today! |EN | | 351 | | **A Cloud Guru - Intro to AWS** | [educative.io](https://learn.acloud.guru/course/intro-to-aws/overview) | Practical AWS course |EN | | 352 | | **Udemy - AWS IAM - The easy explanation** | [udemy.com](https://www.udemy.com/course/aws-iam-training/) | Understand AWS IAM concepts like Authentication, Authorization, User, Groups, Roles and Policies |EN | | 353 | | **101 Days of DevOps** | [101daysofdevops.com](https://www.101daysofdevops.com/courses/101-days-of-devops/) | Free course for learning AWS and Kubernetets |EN | | 354 | 355 | ### Microsoft Azure 356 | 357 | | Name | URL | Description | Language | 358 | | :---------- | :---------- | :---------- | :----------: | 359 | | **Azure DevOps Roadmap** | [learn.microsoft.com](https://learn.microsoft.com/en-us/azure/devops/release-notes/features-timeline) | Learning Path by Microsoft |EN | | 360 | | **Getting Started with Cloud Computing using Microsoft Azure [Free Udemy]** | [Udemy](https://www.udemy.com/course/cloud-computing-using-microsoft-azure) | Free course for learning Microsoft Azure |EN | | 361 | | **Getting Started with Azure [Coursera Free Course]** | [Coursera](https://dev.to/javinpaul/7-free-courses-to-learn-microsoft-azure-cloud-platform-bg4) | Coursera course to learn the basics of the Microsoft Azure platform online |EN | | 362 | 363 | ### Google Cloud Platform 364 | 365 | | Name | URL | Description | Language | 366 | | :---------- | :---------- | :---------- | :----------: | 367 | | **Professional Cloud DevOps Engineer Certification** | [Google Cloud](https://cloud.google.com/learn/certification/cloud-devops-engineer) | Google Cloud Certification |EN | | 368 | | **Google Cloud** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYs5IZZSY0viHRQFPa2P-R8H) | Курс по Google Cloud Platform ADV-IT |ru | | 369 | | **Google Cloud Platform for Beginners** | [Youtube](https://www.youtube.com/playlist?list=PL34sAs7_26wM4ETdsdrRrO1euoUtO4jF6) | Beginners tutorial on Google Cloud Platform |EN | | 370 | | **Google Cloud Platform Full Course** | [Youtube](https://www.youtube.com/watch?v=-pMtwYXSFK8&ab_channel=Simplilearn) | GCP tutorial, AWS vs GCP, GCP web hosting, Google cloud ML, GCP fundamentals, Google Cloud Platform Fundamentals (CP100A) Certification Training |EN | | 371 | 372 | 373 | 374 | ## Programming and Scripting 375 | 376 | **Розділ для вивчення програмування та автоматизації всього, що рухається.** 377 | 378 | ### Bash 379 | 380 | | Name | URL | Description | Language | 381 | | :---------- | :---------- | :---------- | :----------: | 382 | | **Bash Scripting Full Course 3 Hours** | [Youtube](https://www.youtube.com/watch?v=e7BufAVwDiM&ab_channel=linuxhint) | Bash Boot Camp Course |EN | | 383 | | **Course: Beginners Guide to the Terminal (Bash)** | [Youtube](https://www.youtube.com/playlist?list=PLYQSCk-qyTW0d88jNocdi_YIFMA5Fnpug) | Big Bash Scripting Course |EN | | 384 | | **Bash Scripting Tutorial** | [ryanstutorials.net](https://ryanstutorials.net/bash-scripting-tutorial/) | Big Bash Scripting Practical Tutorial |EN | | 385 | | **Шпаргалка по bash** | [github.com/cyberspacedk/BASH-Commands](https://github.com/cyberspacedk/BASH-Commands) | Шпаргалка базових команд Git Bash, терміналу OSX, терміналу linux |ru | | 386 | | **pure bash bible** | [github.com/dylanaraps/pure-bash-bible](https://github.com/dylanaraps/pure-bash-bible) | A collection of pure bash alternatives to external processes |EN | | 387 | 388 | #### Games for Bash learning 389 | 390 | | Name | URL | Description | Language | 391 | | :---------- | :---------- | :---------- | :----------: | 392 | | **Linux CLI Text Processing Exercises** | [github.com/learnbyexample](https://github.com/learnbyexample/TUI-apps/tree/main/CLI-Exercises) | This TUI application includes 60+ questions to test your CLI text processing skills |EN | | 393 | | **bashcrawl** | [gitlab.com/slackermedia](https://gitlab.com/slackermedia/bashcrawl) | Learn Linux commands by playing a simple text adventure |EN | | 394 | | **Terminus** | [web.mit.edu](https://web.mit.edu/mprat/Public/web/Terminus/Web/main.html) | Awesome Linux quest |EN | | 395 | | **The Command Line Murders** | [github.com/gannonk08](https://github.com/gannonk08/clmystery) | Awesome Linux detective |EN | | 396 | | **Bandit** | [overthewire.org](https://overthewire.org/wargames/bandit/bandit0.html) | Awesome hacker game |EN | | 397 | 398 | 399 | ### Powershell 400 | 401 | | Name | URL | Description | Language | 402 | | :---------- | :---------- | :---------- | :----------: | 403 | | **Командная оболочка PowerShell** | [Youtube](https://www.youtube.com/playlist?list=PL1aqAoC4A0sXnzbnAvIa36s8P3Ogo8FR_) | Навчальний курс "Командная оболочка PowerShell: путь к силе" |ru | | 404 | | **All things Microsoft PowerShell** | [Youtube](https://www.youtube.com/playlist?list=PLCGGtLsUjhm2k22nFHHdupAK0hSNZVfXi) | Everything you need to know to get started with PowerShell |EN | | 405 | 406 | ### Python 407 | 408 | | Name | URL | Description | Language | 409 | | :---------- | :---------- | :---------- | :----------: | 410 | | **ADV-IT Python для Начинающих** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYtHCActBzbuGVYlWpLYqXC6) | Курс для знайомства з Python від ADV-IT |ru | | 411 | | **ADV-IT Python для НЕ Начинающих** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYt7Wmh8zBKjZ_ltaoDXSEmk) | Курс для продовження вивчення Python від ADV-IT |ru | | 412 | | **Python Hub Studio** | [Youtube](https://www.youtube.com/@PythonHubStudio/playlists) | Непогані відео по Python та ООП |ru | | 413 | | **PythonToday** | [Youtube](https://www.youtube.com/@PythonToday/playlists) | Відео по Python, Linux та Pentesting |ru | | 414 | | **Python. Уровень 1. Базовый курс** | [Youtube](https://www.youtube.com/playlist?list=PLW-WSOmS5ONK3FQiV1XCmT24UtKuEYZ1j) | Добре структурований курс по основам Python |ru | | 415 | | **Python для сетевых инженеров** | [Youtube](https://www.youtube.com/playlist?list=PLah0HUih_ZRljCWNZp2N-YBVkgxiJZWEY) | Дуже корисний великий курс |ru | | 416 | | **Алгоритмы и структуры данных на Python 3** | [Youtube](https://www.youtube.com/playlist?list=PLRDzFCPr95fK7tr47883DFUbm4GeOjjc0) | Гарний курс по алгоритмам від Тимофія Хірʼянова |ru | | 417 | | **Python for Beginners** | [Youtube](https://www.youtube.com/playlist?list=PLlrxD0HtieHhS8VzuMCfQD4uJ9yne1mE6) | Python for Beginners from Microsoft Developer |EN | | 418 | | **More Python for Beginners** | [Youtube](https://www.youtube.com/playlist?list=PLlrxD0HtieHiXd-nEby-TMCoUNwhbLUnj) | Python for Beginners from Microsoft Developer p.2 |EN | | 419 | | **Even More Python for Beginners: Data Tools** | [Youtube](https://www.youtube.com/playlist?list=PLlrxD0HtieHiXd-nEby-TMCoUNwhbLUnj) | Python for Beginners from Microsoft Developer p.3 |EN | | 420 | | **The Last Algorithms Course You'll Need** | [frontendmasters.com](https://frontendmasters.com/courses/algorithms/) | Super fun, beginner-friendly data structures and algorithms course |EN | | 421 | | **"Поколение Python": курс для начинающих** | [stepik.org](https://stepik.org/course/58852) | Курс-тренажер, допомагає вивчити Python на практиці |ru | | 422 | | **Futurecoder** | [futurecoder.io](https://futurecoder.io/course/#toc) | Interactive Python training course |EN | | 423 | | **learnpython** | [learnpython.org](https://www.learnpython.org/) | Interactive Python tutorial |EN | | 424 | | **Learn Python 2** | [codecademy.com](https://www.codecademy.com/learn/learn-python) | Interactive Python training course |EN | | 425 | | **Python від NIX Education** | [education.nixsolutions.com](https://education.nixsolutions.com/course/view.php?id=16) | Безкоштовний курс по Python від NIX Solutions |UA/EN | | 426 | | **PythonNoobs** | [github.com/PythonNoobs/python_developer](https://github.com/PythonNoobs/python_developer) | Велика збірка ресурсів для навчання |ru | | 427 | | **Comprehensive Python Cheatsheet** | [github.com/gto76](https://github.com/gto76/python-cheatsheet) | Useful and nice Python cheatsheet |EN | | 428 | | **The Algorithms - Python** | [github.com/TheAlgorithms/Python](https://github.com/TheAlgorithms/Python) | All algorithms implemented in Python - for education |EN | | 429 | 430 | ### Go 431 | | Name | URL | Description | Language | 432 | | :---------- | :---------- | :---------- | :----------: | 433 | | **Основи Golang** | [Youtube](https://www.youtube.com/playlist?list=PLxMmZTMfwi9dem4tOwQ5BZl7OBy8pkw90) | Прикольний мінікурс про основи Go |UA | | 434 | | **Изучаем Golang** | [Youtube](https://www.youtube.com/playlist?list=PLc2Vkg57qmuRNHp6NNvYRVgg3OP-b5E_v) | Курс по Go для новачків |ru | | 435 | | **Изучаем Go** | [Youtube](https://www.youtube.com/playlist?list=PLQuaNOtBP3TpjiROGjy3-hEr5xL0fN9bX) | Додатковий міні-курс по Go з конкретними прикладами |ru | | 436 | | **Разработка & Язык Go** | [Youtube](https://www.youtube.com/playlist?list=PLbTTxxr-hMmxZMXsvaE-PozXxktdJ5zLR) | Курс по Go від Максима Жашкевича |ru | | 437 | | **Курс разработчика Golang** | [Youtube](https://www.youtube.com/playlist?list=PLysMDSbb9HcxpAb8lhnMaRpX890wSLz66) | Курс по Go від Uproger |ru | | 438 | | **Golang від NIX Education** | [education.nixsolutions.com](https://education.nixsolutions.com/course/view.php?id=12) | Безкоштовний курс по Go від NIX Solutions |UA/EN | | 439 | **Golang бесплатный курс с нуля** | [stepik.org](https://stepik.org/course/179158/syllabus) | Дуже простий базовий курс з GO |ru | | 440 | | **A Tour of Go** | [go.dev](https://go.dev/tour/welcome/1) | Practical self-studying GO course |EN | | 441 | | **Введение в программирование на Go** | [github.com/maxpoletaev/golang-book](https://github.com/maxpoletaev/golang-book) | Книга для навчання програмування мовою Go |ru | | 442 | | **gopherlings** | [github.com/soypat](https://github.com/soypat/gopherlings) | Learn Go by fixing tiny incorrect programs |EN | | 443 | | **The Algorithms - Go** | [github.com/TheAlgorithms/Go](https://github.com/TheAlgorithms/Go) | All algorithms implemented in Go - for education |EN | | 444 | 445 | ### Rust 446 | 447 | | Name | URL | Description | Language | 448 | | :---------- | :---------- | :---------- | :----------: | 449 | | **Rust - язык программирования с нуля** | [Youtube](https://www.youtube.com/playlist?list=PLQuaNOtBP3Tps9JrGMs76d_YbOGygrLUJ) | Курс по Rust для новачків |ru | | 450 | | **Rust Lang Lessons** | [Youtube](https://www.youtube.com/playlist?list=PLnalMG3z2RzF39Hg-PG-x_rH8Yr2ztYbV) | Уроки по Rust для новачків |ru | | 451 | 452 | 453 | ## SQL 454 | 455 | | Name | URL | Description | Language | 456 | | :---------- | :---------- | :---------- | :----------: | 457 | | **SQL Tutorial - Full Database Course for Beginners** | [Youtube](https://youtu.be/HXV3zeQKqGY?si=d6lG8GZByYtz2Fn5) | Курс по SQL для новачків |ru | | 458 | | **Learn SQL - Codecademy** | [codecademy.com](https://www.codecademy.com/learn/learn-sql) | Уроки по SQL для новачків |ru | | 459 | 460 | 461 | ## Monitoring 462 | 463 | | Name | URL | Description | Language | 464 | | :---------- | :---------- | :---------- | :----------: | 465 | | **DevOps monitoring** | [Youtube](https://www.youtube.com/playlist?list=PLBA2E_jkENLM711AP3zA1ybSVdZOOIB2H) | Курс по Grafana |ru | | 466 | | **Prometheus: быстрый старт** | [Youtube](https://www.youtube.com/watch?v=Fj2ifSWuPJc&ab_channel=OTUS%D0%9E%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD-%D0%BE%D0%B1%D1%80%D0%B0%D0%B7%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5) | Базове введення у Prometheus |ru | | 467 | | **Мониторинг кластера Kubernetes. Вечерняя школа Слёрма по Kubernetes** | [Youtube](https://www.youtube.com/watch?v=nkmP0-EDb1A&ab_channel=%D0%A1%D0%BB%D1%91%D1%80%D0%BC) | Відео з прикладами Prometheus+Grafana |ru | | 468 | | **Сбор метрик Spring Boot приложения Prometheus + Grafana** | [Youtube](https://www.youtube.com/watch?v=cOncBTpFQW8&ab_channel=kirya522-dev) | Відео з прикладами Prometheus+Grafana |ru | | 469 | | **Prometheus и PromQL — основы сбора метрик** | [Youtube](https://www.youtube.com/watch?v=WQmpeOvCCUY&ab_channel=RomanKunin) | Велике відео з прикладами Prometheus+PromQL |ru | | 470 | | **Prometheus + Grafana. Настраиваем 4 golden signals** | [Youtube](https://www.youtube.com/watch?v=Q_fKb0nrfCg&ab_channel=%D0%A1%D0%BB%D1%91%D1%80%D0%BC) | Опис базових підходів до моніторингу (RED, USE, 4 golden signals) |ru | | 471 | | **Организация мониторинга с помощью Grafana stack** | [Youtube](https://www.youtube.com/watch?v=cNXdock8RhY&ab_channel=OTUS%D0%9E%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD-%D0%BE%D0%B1%D1%80%D0%B0%D0%B7%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5) | Сетап Loki та Tempo. Визуалізація логів і трейсів у Grafana |ru | | 472 | 473 | 474 | 475 | ## DevSecOps 476 | 477 | **Розділ з вивчення побудови безпечного CI/CD знаходиться [тут](https://github.com/allozavrr/LearningDevOpsUkraine/blob/main/DevSecOps.md).** 478 | 479 | 480 | ## Interview 481 | 482 | **Самопідготовка та селф-чекінг.** 483 | 484 | | Name | URL | Description | Language | 485 | | :---------- | :---------- | :---------- | :----------: | 486 | | **Девопс и Поиск Работы в IT** | [Youtube](https://www.youtube.com/playlist?list=PLg5SS_4L6LYuu1RAT4l1tCkZrJzkIaNgL) | Плейлист з порадами з проходження інтервʼю від ADV-IT |ru | | 487 | | **Пошук роботи в ІТ. Як ефективно подаватись на вакансії. Проходимо рекрутмент-фільтр** | [Youtube](https://www.youtube.com/watch?v=RXX4AWGkR8o&ab_channel=DataDrivenDiscussions) | Випуск про те, як ефективно подаватись на вакансії, як пройти рекрутмент-фільтр |UA | | 488 | | **Прямий ефір: технічне інтерв'ю DevOps-джуніора** | [Youtube](https://www.youtube.com/watch?v=S-uAOt2ZLQw&ab_channel=EPAMUkraineCareer) | Питання, які можуть бути задані на технічній співбесіді на рівні джуніора |UA | | 489 | | **Співбесіда з DevOps. 300+ запитань для Junior, Middle, Senior** | [dou.ua](https://dou.ua/lenta/articles/interview-devops/) | Великий матеріал з питаннями для самопідготовки |UA | | 490 | | **Preparing for a DevOps Engineer Interview: A Comprehensive Guide** | [dev.to](https://dev.to/tutunak/preparing-for-a-devops-engineer-interview-a-comprehensive-guide-26n4) | Really useful manual for a DevOps Engineer Interview |EN | | 491 | | **SRE/DevOps Interview Questions — Linux Troubleshooting** | [awstip.com](https://awstip.com/sre-devops-interview-questions-linux-troubleshooting-1b8ffe82c16) | Troubleshooting questions for a DevOps/SRE Engineer Interview |EN | | 492 | 493 | 494 | 495 | ## English 496 | 497 | **London is the capital of Great Britain.** 498 | 499 | | Name | URL | Description | Language | 500 | | :---------- | :---------- | :---------- | :----------: | 501 | | **IT English** | [Youtube](https://www.youtube.com/playlist?list=PLOlyZEVllXBHY79lqGyc4odoVON1oSMQy) | Безкоштовний курс з англійської для програмістів та QA |EN/UA | | 502 | | **TECH English** | [Youtube](https://youtube.com/playlist?list=PLOwnXSCq7AoGRr7EuifDZiTAPpi9X1MER) | Ще один безкоштовний курс з англійської для програмістів та QA |EN/UA | | 503 | | **Английский для айтишников** | [Youtube](https://www.youtube.com/playlist?list=PL1rV860db3OapvkljZgZvK4ckaII-ZC7e) | І ще один безкоштовний курс з англійської для програмістів (доповнюється) |EN/ru | | 504 | -------------------------------------------------------------------------------- /DevSecOps.md: -------------------------------------------------------------------------------- 1 | # LearningDevOpsUkraine - DevSecOps 2 | 3 | **Доброго всім дня.** 4 | 5 | **Це невеличкий конспект з допомоги тим, хто хоче вивчати DevSecOps у 2023 році.** 6 | 7 | **Усі посилання зібрані в одній доці.** 8 | 9 | *Перелік не є закінченим. Доповнення і зауваження дуже вітаються.* 10 | 11 | *Також дякую телеграм-спільноті https://t.me/DevOpsMarathon та її очільнику - @edemus, 12 | телеграм-спільноті DevOps Geeks та україномовному каналу [DevOps 01](https://www.youtube.com/@DevOps01).* 13 | 14 | **[Don't stop believin'!!](https://www.youtube.com/watch?v=1k8craCGpgs&ab_channel=journeyVEVO)** 15 | 16 | 17 | # Table of Contents 18 | 19 | - **[Resourses](#resourses)** 20 | - **[YouTube](#youtube)** 21 | - **[Labs for vulnerability testing](#labs-for-vulnerability-testing)** 22 | - **[Maturity models](#maturity-models)** 23 | - **[Tools](#tools)** 24 | - **[Threat modeling](#threat-modeling)** 25 | - **[SAST](#sast)** 26 | - **[DAST](#dast)** 27 | - **[Secrets search](#secrets-search)** 28 | - **[Аналізатори сторонніх компонентів (SCA)](#аналізатори-сторонніх-компонентів-(sca))** 29 | - **[Тестування за принципами Behaviour Driven Development](#тестування-за-принципами-behaviour-driven-development)** 30 | - **[Сканери Docker образів](#сканери-docker-образів)** 31 | - **[Перевірка Docker / Kubernetes на відповідність](#перевірка-docker--kubernetes-на-відповідність)** 32 | - **[Безпека Kubernetes](#безпека-kubernetes)** 33 | - **[Container Runtime](#container-runtime)** 34 | - **[Runtime Security](#runtime-security)** 35 | - **[IAST](#iast)** 36 | - **[Fuzzing](#fuzzing)** 37 | - **[MAST](#mast)** 38 | - **[Vulnerability Management](#vulnerability-management)** 39 | - **[Application Security Orchestration and Correlation (ASOC)](#application-security-orchestration-and-correlation-(asoc))** 40 | - **[Compliance-as-code](#compliance-as-code)** 41 | - **[IAC Security](#iac-security)** 42 | - *[Kubernetes YAML validating](#kubernetes-yaml-validating)* 43 | - *[Порівняння інструментів](#порівняння-інструментів)* 44 | 45 | 46 | 47 | 48 | ## Resourses 49 | 50 | **Розділ з вивчення побудови безпечного CI/CD.** 51 | 52 | ### YouTube 53 | 54 | | Name | URL | Description | Meta/Language | 55 | | :---------- | :---------- | :---------- | :----------: | 56 | | **DevSecOps - Implementing Secure CI/CD Pipelines** | [Youtube](https://www.youtube.com/playlist?list=PLjNII-Jkdjfz5EXWlGMBRk63PC8uJsHMo) | Short videos for beginners in DevSecOps |EN | | 57 | | **Курсы по кибербезопасности с нуля до аналитика DevSecOps** | [Youtube](https://www.youtube.com/playlist?list=PLMiVLClzZDbTWSsxWfVvrvdyHgSa7Wvaw) | Введення у кібербезпеку |ru | | 58 | | **Информационная безопасность** | [Youtube](https://www.youtube.com/playlist?list=PLVb9C2cD47iyf_qh2bX2K4TzAutbsAPdq) | Підбірка відео з окремих аспектів DevSecOps |ru | | 59 | 60 | 61 | ### Links 62 | 63 | | Name | URL | Description | Meta/Language | 64 | | :---------- | :---------- | :---------- | :----------: | 65 | | **Simple Guide for Development and Operation** | [devsecopsguides.com](https://devsecopsguides.com/) | The most recommended omprehensive resource for integrating security into the software development lifecycle |EN | | 66 | | **Ultimate DevSecOps library** | [github.com/sberdachuk-epam/DevSecOps](https://github.com/sberdachuk-epam/DevSecOps) | Ultimate DevSecOps library |![Git Secrets](https://img.shields.io/github/stars/sberdachuk-epam/DevSecOps?style=for-the-badge) | 67 | | **DevSecOps Roadmap** | [github.com/hahwul/DevSecOps](https://github.com/hahwul/DevSecOps) | Ultimate DevSecOps library |![Git Secrets](https://img.shields.io/github/stars/hahwul/DevSecOps?style=for-the-badge) | 68 | | **Awesome DevSecOps** | [github.com/TaptuIT](https://github.com/TaptuIT/awesome-devsecops) | Curating the best DevSecOps resources and tooling |![Git Secrets](https://img.shields.io/github/stars/TaptuIT/awesome-devsecops?style=for-the-badge) | 69 | | **Awesome DevSecOps** | [github.com/devsecops](https://github.com/devsecops/awesome-devsecops) | A collection of documents, presentations, videos, training materials, tools, services |![Git Secrets](https://img.shields.io/github/stars/devsecops/awesome-devsecops?style=for-the-badge) | 70 | 71 | 72 | ### Maturity models 73 | 74 | | Name | URL | Description | Language | 75 | | :---------- | :---------- | :---------- | :----------: | 76 | | **OWASP SAMM** | [owaspsamm.org](https://owaspsamm.org/model/) | The prime maturity model for software assurance |EN | | 77 | | **OWASP Devsecops Maturity Model** | [owaspsamm.org](https://owasp.org/www-project-devsecops-maturity-model/) | Security measures which are applied when using DevOps strategies and how these can be prioritized |EN | | 78 | 79 | 80 | ### Labs for vulnerability testing 81 | 82 | | Name | URL | Description | Language | 83 | | :---------- | :---------- | :---------- | :----------: | 84 | | **How To Secure A Linux Server** | [github.com/imthenachoman](https://github.com/imthenachoman/How-To-Secure-A-Linux-Server) | An evolving how-to guide for securing a Linux server |EN | | 85 | | **CloudFoxable** | [github.com/BishopFox](https://github.com/BishopFox/cloudfoxable) | CloudFox helps penetration testers and security professionals find exploitable attack paths in cloud infrastructure |EN | | 86 | | **CloudGoat** | [github.com/RhinoSecurityLabs](https://github.com/RhinoSecurityLabs/cloudgoat) | CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool |EN | | 87 | | **OWASP ServerlessGoat** | [github.com/OWASP](https://github.com/OWASP/Serverless-Goat) | Educate on how serverless application layer weaknesses can be exploited |EN | | 88 | | **OWASP Wrongsecrets** | [github.com/OWASP](https://github.com/OWASP/wrongsecrets) | The game is packed with real life examples of how to not store secrets in your software |EN | | 89 | | **AWS S3 CTF Challenges** | [n0j.github.io](https://n0j.github.io/2017/10/02/aws-s3-ctf.html) | Series of brief challenges focusing on AWS S3 misconfiguration for the CTF at AppSec USA 2017 and CactusCon 2017 |EN | | 90 | | **Breaking and Pwning Apps and Servers on AWS and Azure** | [github.com/appsecco](https://github.com/appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training) | The training is meant to be a hands-on training with guided walkthroughs, scenario based attacks, coverage of tool that can be used for attacking and auditing |EN | | 91 | | **Sadcloud** | [github.com/nccgroup/sadcloud](https://github.com/nccgroup/sadcloud) | Sadcloud is a tool for spinning up insecure AWS infrastructure with Terraform |EN | | 92 | | **Damn Vulnerable Cloud Application** | [github.com/m6a-UdS/dvca](https://github.com/m6a-UdS/dvca) | A demonstration project to show how to do privilege escalation on AWS |EN | | 93 | | **AWS Detonation Lab** | [github.com/sonofagl1tch](https://github.com/sonofagl1tch/AWSDetonationLab) | Scripts can be used as proof-of-concept to generate a detonation lab via a cloudformation template (AWS) |EN | | 94 | | **lambhack** | [github.com/wickett/lambhack](https://github.com/wickett/lambhack) | Allows you to take advantage of our tried and true application security problems, namely arbitrary code execution, XSS, injection attacks aand more (AWS) |EN | | 95 | | **Cfngoat - Vulnerable Cloudformation Template** | [github.com/bridgecrewio/cfngoat](https://github.com/bridgecrewio/cfngoat) | A learning and training project that demonstrates how common configuration errors can find their way into production cloud environments |EN | | 96 | | **CdkGoat - Vulnerable AWS CDK Infrastructure** | [github.com/bridgecrewio/cdkgoat](https://github.com/bridgecrewio/cdkgoat) | Another learning and training project that demonstrates how common configuration errors can find their way into production cloud environments |EN | | 97 | | **AWSGoat : A Damn Vulnerable AWS Infrastructure** | [github.com/ine-labs/AWSGoat](https://github.com/ine-labs/AWSGoat) | Learning and training AWS cloud pentesting/red-teaming, auditing IaC, secure coding, detection and mitigation |EN | | 98 | | **AWSGoat : A Damn Vulnerable Azure Infrastructure** | [github.com/ine-labs/AzureGoat](https://github.com/ine-labs/AzureGoat) | Learning and training Azure cloud pentesting/red-teaming, auditing IaC, secure coding, detection and mitigation |EN | | 99 | | **CONVEX** | [github.com/Azure/CONVEX](https://github.com/Azure/CONVEX) | Spins up Capture The Flag environments in your Azure tenant for participants to play through |EN | | 100 | | **caponeme** | [github.com/avishayil/caponeme](https://github.com/avishayil/caponeme) | A vulnerable cloud environment that meant to mock Capital One Breach for educational purposes |EN | | 101 | | **TerraGoat - Vulnerable Terraform Infrastructure** | [github.com/bridgecrewio/terragoat](https://github.com/bridgecrewio/terragoat) | A learning and training project that demonstrates how common configuration errors can find their way into production cloud environments |EN | | 102 | | **IAM Vulnerable** | [github.com/BishopFox/iam-vulnerable](https://github.com/BishopFox/iam-vulnerable) | Learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation |EN | | 103 | | **Web-Check** | [github.com/Lissy93](https://github.com/Lissy93/web-check) | Comprehensive, on-demand open source intelligence for any website |EN | | 104 | | **Penetration Testing, Beginners To Expert!** | [github.com/xalgord](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes) | Web Application Penetration Testing for everyone |EN | | 105 | | **TryHackMe** | [tryhackme.com](https://tryhackme.com/) | Learning cyber security |EN | | 106 | | **Hack The Box** | [hackthebox.com](https://www.hackthebox.com/) | The #1 cybersecurity upskilling platform |EN | | 107 | | **OWASP Juice Shop** | [owasp.org](https://owasp.org/www-project-juice-shop/) | Game/tutorial teaches you in security trainings, awareness demos, CTFs and as a guinea pig for security tools |EN | | 108 | | **Flaws** | [flaws.cloud](http://flaws.cloud/) | Game/tutorial teaches you AWS (Amazon Web Services) security concepts |EN | | 109 | | **Flaws2** | [flaws2.cloud](http://flaws2.cloud/) | Another game/tutorial teaches you AWS (Amazon Web Services) security concepts |EN | | 110 | | **AWS Well-Architected Labs** | [wellarchitectedlabs.com](https://wellarchitectedlabs.com/security/) | Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS) |EN | | 111 | | **CTF 101 worklab** | [r00tz-ctf.awssecworkshops.com](https://r00tz-ctf.awssecworkshops.com/) | Security CTF 101 worklab, sponsored by Amazon Web Services Security |EN | | 112 | | **Thunder CTF** | [thunder-ctf.cloud](http://thunder-ctf.cloud/) | Thunder CTF allows players to practice attacking vulnerable cloud projects on Google Cloud Platform (GCP) |EN | | 113 | | **The Big IAM Challenge by Wiz** | [bigiamchallenge.com](https://bigiamchallenge.com/challenge/1) | Put yourself to the test with our unique CTF challenge and boost your AWS IAM knowledge |EN | | 114 | | **PenTesting.Cloud** | [pentesting.cloud](https://pentesting.cloud/) | A free pentesting learning platform |EN | | 115 | | **GCP Goat** | [gcpgoat.joshuajebaraj.com](https://gcpgoat.joshuajebaraj.com/index.html) | Intentionally vulnerable GCP environment to learn and practice GCP Security |EN | | 116 | 117 | ## Articles 118 | | Name | URL | Description | Language | 119 | | :---------- | :---------- | :---------- | :----------: | 120 | | **How Secrets Leak in CI/CD Pipelines** | [trufflesecurity.com](https://trufflesecurity.com/blog/secrets-leak-in-ci-cd/) | How to searh Secrets in CI/CD |EN | | 121 | 122 | ## Tools 123 | 124 | **Інструменти, які використовуються у DevSecOps.** 125 | 126 | ### Threat modeling 127 | 128 | *Моделювання загроз у контексті Secure Development Lifecycle - це процес аналізу архітектури ПЗ щодо наявності в ній потенційних уразливостей та небезпечних технологій. Воно потрібне для впровадження процесу перевірок ІБ ще на етапі проектування архітектури. На цьому ж етапі формуються вимоги з боку фахівців з безпеки додатків, які надалі йдуть у backlog.* 129 | 130 | | Name | URL | Description | Language | 131 | | :---------- | :---------- | :---------- | :----------: | 132 | | **Awesome Threat Modeling** | [github.com/hysnsec](https://github.com/hysnsec/awesome-threat-modelling) | A curated list of threat modeling resources (books, courses - free and paid, videos, tools, tutorials and workshop to practice on) for learning |EN | | 133 | 134 | **Open-source** 135 | 136 | | Name | URL | Description | Language | 137 | | :---------- | :---------- | :---------- | :----------: | 138 | | **OWASP Threat Dragon** | [owasp.org](https://owasp.org/www-project-threat-dragon/) | Modeling tool used to create threat model diagrams as part of a secure development lifecycle |EN | | 139 | | **Microsoft Threat Modeling Tool** | [learn.microsoft.com](https://learn.microsoft.com/en-gb/azure/security/develop/threat-modeling-tool) | The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL) |EN | | 140 | | **pytm: A Pythonic framework for threat modeling** | [github.com/izarg](https://github.com/izar/pytm) | Shift threat modeling to the left, making threat modeling more automated and developer-centric |EN | | 141 | | **materialize threats** | [github.com/secmerc](https://github.com/secmerc/materialize-threats) | Developers and security practitioners who want to perform 'graph' analysis on data flow diagrams - using SQL |EN | | 142 | | **threatspec** | [github.com/threatspec](https://github.com/threatspec/threatspec) | Developers and security practitioners who want to threat modeling annotations as comments inside source code |EN | | 143 | | **The Raindance Project** | [github.com/devsecops](https://github.com/devsecops/raindance) | The attack map process for identifying target surface and adversary attack strategies that lead to exploit and compromise |EN | | 144 | | **threagile** | [github.com/Threagile](https://github.com/Threagile/threagile) | The open-source toolkit for agile threat modeling |EN | | 145 | 146 | **Paid (enterprise)** 147 | 148 | | Name | URL | Description | Language | 149 | | :---------- | :---------- | :---------- | :----------: | 150 | | **Iriusrisk** | [iriusrisk.com](https://www.iriusrisk.com/) | Modeling platform automates the threat modeling process, enabling developers to design and build secure software |EN | | 151 | | **Iriusrisk** | [threatmodeler.com](https://threatmodeler.com/) | Modeling platform can securely design, build and validate from development through deployment |EN | | 152 | 153 | ### SAST (Статичні аналізатори апплікацій) 154 | 155 | *Статичний аналізатор коду - інструмент, що повідомляє про вразливість програми, орієнтуючись на її вихідні коди.* 156 | 157 | **SAST in details** 158 | 159 | | Name | URL | Description | Language | 160 | | :---------- | :---------- | :---------- | :----------: | 161 | | **OWASP Source Code Analysis Tools** | [owasp.org](https://owasp.org/www-community/Source_Code_Analysis_Tools) | SAST tools for all programming languages |EN | | 162 | | **Static Analysis Tools** | [github.com/analysis-tools-dev](https://github.com/analysis-tools-dev/static-analysis) | Static analysis tools for all programming languages, build tools, config files and more |EN | | 163 | 164 | **Open-source** 165 | 166 | | Name | URL | Description | Language | 167 | | :---------- | :---------- | :---------- | :----------: | 168 | | **ShiftLeft Scan** | [github.com/ShiftLeftSecurity](https://github.com/ShiftLeftSecurity/sast-scan) | Scan can detect various kinds of security flaws in your application, and infrastructure code without any remote server |EN | | 169 | | **Salus** | [github.com/coinbase](https://github.com/coinbase/salus) | A tool for coordinating the execution of security scanners |EN | | 170 | | **HuskyCI** | [github.com/globocom](https://github.com/globocom/huskyci) | An open source tool that orchestrates security tests and centralizes all results into a database for further analysis and metrics |EN | | 171 | | **Graudit** | [github.com/wireghoul](https://github.com/wireghoul/graudit/) | A simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility grep |EN | | 172 | | **RIPS** | [github.com/robocoder](https://github.com/robocoder/rips-scanner) | A static source code analyser for vulnerabilities in PHP scripts |EN | | 173 | | **Joern** | [github.com/joernio](https://github.com/joernio/joern) | Platform for analyzing source code, bytecode, and binary executables |EN | | 174 | | **CodeQL** | [securitylab.github.com](https://securitylab.github.com/tools/codeql/) | CodeQL lets you query code as though it were data |EN | | 175 | | **Semgrep** | [semgrep.dev](https://semgrep.dev/editor) | Platform for analyzing source code, bytecode, and binary executables |EN | | 176 | | **RIPS** | [github.com/robocoder](https://github.com/robocoder/rips-scanner) | A static source code analyser for vulnerabilities in PHP scripts |EN | | 177 | 178 | **Paid (enterprise)** 179 | 180 | | Name | URL | Description | Language | 181 | | :---------- | :---------- | :---------- | :----------: | 182 | | **Checkmarx** | [checkmarx.com](https://checkmarx.com/) | Platform for securing every phase of development |EN | | 183 | | **PT AI** | [ptsecurity.com](https://www.ptsecurity.com/ww-en/products/ai/) | Only source code analyzer providing analysis and convenient tools to automatically confirm vulnerabilities |EN | | 184 | | **Veracode Static Analysis** | [veracode.com](https://www.veracode.com/products/binary-static-analysis-sast) | Only source code analyzer providing analysis and convenient tools to automatically confirm vulnerabilities |EN | | 185 | | **Veracode Static Analysis** | [veracode.com](https://www.veracode.com/products/binary-static-analysis-sast) | Scan code at each development stage with IDE, Pipeline, and Policy scans |EN | | 186 | 187 | ### DAST (Динамічні аналізатори апплікацій) 188 | 189 | *Динамічний аналізатор коду - інструмент, що повідомляє про вразливість програми, орієнтуючись на відповіді сервера по завданим запитам.* 190 | 191 | **DAST in details** 192 | 193 | | Name | URL | Description | Language | 194 | | :---------- | :---------- | :---------- | :----------: | 195 | | **Awesome DAST** | [github.com/analysis-tools-dev](https://github.com/analysis-tools-dev/dynamic-analysis/) | DAST tools for all programming languages |EN | | 196 | 197 | **Open-source** 198 | 199 | | Name | URL | Description | Language | 200 | | :---------- | :---------- | :---------- | :----------: | 201 | | **Arachni** | [github.com/Arachni](https://github.com/Arachni/arachni) | Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications |EN | | 202 | | **OWASP ZAP** | [github.com/zaproxy](https://github.com/zaproxy/zaproxy) | Automatically find security vulnerabilities in your web applications |EN | | 203 | | **w3af** | [github.com/andresriancho](https://github.com/andresriancho/w3af) | Open source web application security scanner |EN | | 204 | | **Nikto** | [github.com/sullo](https://github.com/sullo/nikto) | Web server scanner |EN | | 205 | | **N.E.R.V.E** | [github.com/PaytmLabs](https://github.com/PaytmLabs/nerve) | Vulnerability scanner tailored to find low-hanging fruit level vulnerabilities |EN | | 206 | | **Nuclei** | [github.com/projectdiscovery](https://github.com/projectdiscovery/nuclei) | Scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless |EN | | 207 | | **Automatic API Attack Tool** | [github.com/imperva](https://github.com/imperva/automatic-api-attack-tool) | API attack tool |EN | | 208 | | **Wapiti** | [github.com/wapiti-scanner](https://github.com/wapiti-scanner/wapiti) | Web vulnerability scanner written in Python |EN | | 209 | | **Vega** | [github.com/subgraph](https://github.com/subgraph/Vega) | Web vulnerability scanner written in Java |EN | | 210 | 211 | **Paid (enterprise)** 212 | 213 | | Name | URL | Description | Language | 214 | | :---------- | :---------- | :---------- | :----------: | 215 | | **PortSwigger Burp Suite** | [portswigger.net](https://portswigger.net/burp) | The enterprise-enabled dynamic web vulnerability scanner |EN | | 216 | | **NetSparker** | [nvicti.com](https://www.invicti.com/) | Application security testing for enterprise |EN | | 217 | | **Acunetix** | [acunetix.com](https://www.acunetix.com/) | Automate application security testing |EN | | 218 | | **WebInspect** | [microfocus.com](https://www.microfocus.com/en-us/cyberres/application-security/webinspect) | Automated dynamic testing solution that provides comprehensive vulnerability detection |EN | | 219 | | **PT AI** | [ptsecurity.com](https://www.ptsecurity.com/ww-en/products/ai/) | Source code analyzer providing high-quality analysis and convenient tools to automatically confirm vulnerabilities |EN | | 220 | | **Veracode** | [veracode.com](https://www.veracode.com/products/dynamic-analysis-dast) | Dynamic testing tool Crashtest Security showing a growing focus in DAST |EN | | 221 | | **Tenable Web App Scanning** | [tenable.com](https://www.tenable.com/products/tenable-io/web-application-scanning) | Simple, Scalable and Automated Vulnerability Scanning for Web Applications |EN | | 222 | 223 | ### Secrets search 224 | 225 | *Інструменти для пошуку чутливої інформації.* 226 | 227 | **Open-source** 228 | 229 | | Name | URL | Description | Language | 230 | | :---------- | :---------- | :---------- | :----------: | 231 | | **git-secrets** | [github.com/awslabs](https://github.com/awslabs/git-secrets) | Prevents you from committing passwords and other sensitive information to a git repository |EN | | 232 | | **Gitrob** | [github.com/michenriksen](https://github.com/michenriksen/gitrob) | Find potentially sensitive files pushed to public repositories on Github |EN | | 233 | | **Gitleaks** | [github.com/gitleaks](https://github.com/gitleaks/gitleaks) | SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos |EN | | 234 | | **TruffleHog** | [github.com/trufflesecurity](https://github.com/trufflesecurity/trufflehog) | Tool for detecting and preventing secrets in GitHub Repo/S3 bucket |EN | | 235 | | **TruffleHog** | [github.com/trufflesecurity](https://github.com/trufflesecurity/trufflehog) | Tool for detecting and preventing secrets in GitHub Repo/S3 bucket |EN | | 236 | | **Talisman** | [github.com/thoughtworks](https://github.com/thoughtworks/talisman) | Tool that installs a hook to your repository to ensure that potential secrets or sensitive information |EN | | 237 | | **Slack Watchman** | [github.com/PaperMtn](https://github.com/PaperMtn/slack-watchman) | Monitoring and enumerating Slack for exposed secrets |EN | | 238 | | **GitLab Watchman** | [github.com/PaperMtn](https://github.com/PaperMtn/gitlab-watchman) | Application that uses the GitLab API to detect exposed secrets and personal data |EN | | 239 | | **Rusty Hog** | [github.com/newrelic](https://github.com/newrelic/rusty-hog) | Set of scanners that use regular expressions to try and detect the presence of sensitive information, such as API keys, passwords, and personal information |EN | | 240 | | **Rusty Hog** | [github.com/newrelic](https://github.com/newrelic/rusty-hog) | Set of scanners that use regular expressions to try and detect the presence of sensitive information, such as API keys, passwords, and personal information |EN | | 241 | | **detect-secrets** | [github.com/Yelp](https://github.com/Yelp/detect-secrets) | Aptly named module for detecting secrets within a code base |EN | | 242 | | **repo-supervisor** | [github.com/auth0](https://github.com/auth0/repo-supervisor) | Tool that helps you to detect secrets and passwords in your code |EN | | 243 | 244 | **Paid (enterprise)** 245 | 246 | | Name | URL | Description | Language | 247 | | :---------- | :---------- | :---------- | :----------: | 248 | | **GitGuardian** | [gitguardian.com](https://www.gitguardian.com/) | Scan and fix hardcoded secrets in source code, CI/CD pipelines, and developer productivity tools |EN | | 249 | | **SpectralOps** | [spectralops.io](https://spectralops.io/) | Monitor, classify, and protect your code, assets, and infrastructure for exposed API keys, tokens, credentials, and high-risk security misconfigurations |EN | | 250 | 251 | ### Аналізатори сторонніх компонентів (SCA) 252 | 253 | *Аналізатор сторонніх компонентів - інструмент, що здійснює пошук вразливостей у сторонніх open-source компонентах, які підключені до проекту* 254 | 255 | | Name | URL | Description | Language | 256 | | :---------- | :---------- | :---------- | :----------: | 257 | | **OWASP Composition Analysis** | [owasp.org](https://owasp.org/www-community/Component_Analysis) | OWASP Tools Listing |EN | | 258 | 259 | **Open-source** 260 | 261 | | Name | URL | Description | Language | 262 | | :---------- | :---------- | :---------- | :----------: | 263 | | **Dependency check** | [github.com/jeremylong](https://github.com/jeremylong/DependencyCheck) | SCA tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies |EN | | 264 | | **Dependency Track** | [dependencytrack.org](https://dependencytrack.org/) | Continuous SBOM Analysis Platform |EN | | 265 | | **Nexus Vulnerability Scanner** | [sonatype.com](https://www.sonatype.com/products/vulnerability-scanner) | Tool to find out if your software has any open source security vulnerabilities |EN | | 266 | | **ClearlyDefined** | [clearlydefined.io](https://clearlydefined.io/?sortDesc=true&sort=releaseDate) | Search and check SCA in one platform |EN | | 267 | | **Renovate** | [mend.io](https://www.mend.io/renovate/) | Scans your software, discovers dependencies, automatically checks to see if an updated version exists, and helps you by submitting automated pull requests |EN | | 268 | 269 | **Paid (enterprise)** 270 | 271 | | Name | URL | Description | Language | 272 | | :---------- | :---------- | :---------- | :----------: | 273 | | **Sonatype Nexus IQ** | [sonatype.com](https://www.sonatype.com/products/intelligence) | Open Source Components Analyzed |EN | | 274 | | **Veracode SCA** | [veracode.com](https://www.veracode.com/products/software-composition-analysis) | Strong Performer in SCA Wave |EN | | 275 | | **Snyk Open Source** | [snyk.io](https://snyk.io/product/open-source-security-management/) | Tool provides advanced software composition analysis (SCA) backed by industry-leading security and application intelligence |EN | | 276 | | **WhiteSource for Developers** | [mend.io](https://www.mend.io/native-integrations-for-developers-environments/) | Keep your open source components secure and compliant throughout the development lifecycle from inside your environments |EN | | 277 | | **JFrog XRay** | [jfrog.com](https://jfrog.com/xray/) | End-to-End Software Supply Chain Security powered by the JFrog Platform |EN | | 278 | | **Black Duck** | [synopsys.com](https://www.synopsys.com/software-integrity/security-testing/software-composition-analysis.html) | Tool helps manage the security, quality, and license compliance risks that come from the use of open source and third-party code in applications and containers |EN | | 279 | 280 | ### Тестування за принципами Behaviour Driven Development 281 | 282 | *Фреймворки, що дозволяють описувати перевірки за методологією BDD* 283 | 284 | **Open-source** 285 | 286 | | Name | URL | Description | Language | 287 | | :---------- | :---------- | :---------- | :----------: | 288 | | **BDD-Security** | [github.com/iriusrisk](https://github.com/iriusrisk/bdd-security) | Security testing framework that uses Behaviour Driven Development concepts to create self-verifying security specifications |EN | | 289 | | **Gauntlt** | [github.com/michenriksen](https://gauntlt/gauntlt/gauntlt) | Ruggedization framework that enables security testing that is usable by devs, ops and security |EN | | 290 | 291 | ### Сканери Docker образів 292 | 293 | *Інструменти, спрямовані на пошук вразливостей в образах контейнерів* 294 | 295 | | Name | URL | Description | Language | 296 | | :---------- | :---------- | :---------- | :----------: | 297 | | **29 Docker security tools compared** | [sysdig.com](https://sysdig.com/blog/20-docker-security-tools/) | Alphabetical index of Docker Security tools |EN | | 298 | | **Awesome Container Security** | [github.com/kai5263499](https://github.com/kai5263499/awesome-container-security) | A collection of container related security resources |EN | | 299 | | **Awesome Docker Security** | [github.com/myugan](https://github.com/myugan/awesome-docker-security) | List of awesome resources about docker security included books, blogs, video, tools and cases |EN | | 300 | 301 | **Open-source** 302 | 303 | | Name | URL | Description | Language | 304 | | :---------- | :---------- | :---------- | :----------: | 305 | | **Clair** | [github.com/quay](https://github.com/quay/clair) | Open Source project for the static analysis of vulnerabilities in application containers |EN | | 306 | | **Trivy** | [github.com/aquasecurity](https://github.com/aquasecurity/trivy) | Comprehensive and versatile security scanner |EN | | 307 | | **Anchore** | [github.com/anchore](https://github.com/anchore/anchore-cli) | Command line interface on top of the Anchore Engine REST API |EN | | 308 | | **Dagda** | [github.com/eliasgranderubio](https://github.com/eliasgranderubio/dagda/) | Tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images |EN | | 309 | | **whalescan** | [github.com/nccgroup](https://github.com/nccgroup/whalescan) | Vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container |EN | | 310 | | **grype** | [github.com/nccgroup](https://github.com/nccgroup/whalescan) | Vulnerability scanner for container images and filesystems |EN | | 311 | | **syft** | [github.com/anchore](https://github.com/anchore/syft) | CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems |EN | | 312 | 313 | **Paid (enterprise)** 314 | 315 | | Name | URL | Description | Language | 316 | | :---------- | :---------- | :---------- | :----------: | 317 | | **Snyk Container** | [snyk.io](https://snyk.io/product/container-vulnerability-management/) | Container and Kubernetes security that helps developers and DevOps find, prioritize, and fix vulnerabilities throughout the SDLC |EN | | 318 | | **TrendMicro SmartCheck** | [trendmicro.com](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-container-image-security.html) | Simplify security for your cloud-native applications with advanced container image scanning |EN | | 319 | | **WhiteSource for containers** | [mend.io](https://www.mend.io/solution-for-containers/) | Scans container images for multiple sources of risk, including open source vulnerabilities (CVEs), license policy violations, and exposed secret |EN | | 320 | | **Sonatype Container** | [sonatype.com](https://www.sonatype.com/products/containerl) | Run automated tests for security compliance to ensure you catch vulnerabilities early in the container development cycle |EN | | 321 | 322 | ### Перевірка Docker / Kubernetes на відповідність 323 | 324 | *Інструменти для перевірки Docker / Kubernetes ресурсу на відповідність CIS/PCI DSS* 325 | 326 | **Open-source** 327 | 328 | | Name | URL | Description | Language | 329 | | :---------- | :---------- | :---------- | :----------: | 330 | | **Docker bench** | [github.com/docker](https://github.com/docker/docker-bench-security) | Open-source utility so the Docker community can have an easy way to self-assess their hosts and Docker containers against this benchmark |EN | | 331 | | **Dockle** | [github.com/goodwithtech](https://github.com/goodwithtech/dockle) | Container image linter for security, helping build the best-practice Docker Image |EN | | 332 | | **Kubebench** | [github.com/aquasecurity](https://github.com/aquasecurity/kube-bench) | Tool that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark |EN | | 333 | 334 | 335 | 336 | ### Безпека Kubernetes 337 | 338 | *Інструменти для перевірки безпеки Kubernetes* 339 | 340 | | Name | URL | Description | Language | 341 | | :---------- | :---------- | :---------- | :----------: | 342 | | **Kubernetes Security Checklist and Requirements - All in One** | [github.com/Vinum-Security](https://github.com/Vinum-Security/kubernetes-security-checklist/blob/main/README.md) | Way to make your cluster secure |EN | | 343 | | **Awesome Kubernetes Security** | [github.com/ksoclabs](https://github.com/ksoclabs/awesome-kubernetes-security) | A curated list of awesome Kubernetes security resources |EN | | 344 | | **Awesome k8s Security** | [github.com/magnologan](https://github.com/magnologan/awesome-k8s-security) | A curated list for Kubernetes (K8s) Security resources such as articles, books, tools, talks and videos |EN | | 345 | 346 | 347 | **Open-source** 348 | 349 | | Name | URL | Description | Language | 350 | | :---------- | :---------- | :---------- | :----------: | 351 | | **Kubehunter** | [github.com/aquasecurity](https://github.com/aquasecurity/kube-hunter) | Increase awareness and visibility for security issues in Kubernetes environments |EN | | 352 | | **KubiScan** | [github.com/cyberark](https://github.com/cyberark/KubiScan) | A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model |EN | | 353 | | **Krane** | [github.com/appvia](https://github.com/appvia/krane) | Kubernetes RBAC static analysis tool |EN | | 354 | | **Statboard** | [github.com/aquasecurity](https://github.com/aquasecurity/starboard) | Security tools in the cloud native world for identifying and informing about security issues in Kubernetes |EN | | 355 | | **Kubeaudit** | [github.com/Shopify](https://github.com/Shopify/kubeaudit) | Command line tool and a Go package to audit Kubernetes clusters for various different security concerns |EN | | 356 | | **Kubesec** | [github.com/controlplaneio](https://github.com/controlplaneio/kubesec) | Security risk analysis for Kubernetes resources |EN | | 357 | | **audit2rbac** | [github.com/liggitt](https://github.com/liggitt/audit2rbac) | Tool takes a Kubernetes audit log and username as input, and generates RBAC role and binding objects that cover all the API requests made by that user |EN | | 358 | | **KubeClarity** | [github.com/openclarity](https://github.com/openclarity/kubeclarity) | Tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems |EN | | 359 | | **Kubestriker** | [github.com/vchinnipilli](https://github.com/vchinnipilli/kubestriker) | Tool designed to tackle Kuberenetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation |EN | | 360 | | **CDK - Zero Dependency Container Penetration Toolkit** | [github.com/cdk-team](https://github.com/cdk-team/CDK) | Open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency |EN | | 361 | 362 | **Paid (enterprise)** 363 | 364 | | Name | URL | Description | Language | 365 | | :---------- | :---------- | :---------- | :----------: | 366 | | **Veracode IAST** | [veracode.com](https://www.veracode.com/products/container-security) | Integrate container security seamlessly into your existing pipeline |EN | | 367 | 368 | 369 | ### Container Runtime 370 | 371 | *Інструменти для слідкування за поведінкою контейнерів у Runtime* 372 | 373 | **Open-source** 374 | 375 | | Name | URL | Description | Language | 376 | | :---------- | :---------- | :---------- | :----------: | 377 | | **Sysdig Falco** | [github.com/falcosecurity](https://github.com/falcosecurity/falco) | Сloud native runtime security tool for Linux operating systems |EN | | 378 | | **Deepfence Runtime Threat Mapper** | [github.com/deepfence](https://github.com/deepfence/ThreatMapper) | Сombination of agent-based inspection and agent-less monitoring to provide the widest possible coverage to detect threats |EN | | 379 | | **Stackrox** | [github.com/stackrox](https://github.com/stackrox/) | Сontainer security platform reduces the attack surface, ensures compliance, and stops attacks |EN | | 380 | 381 | **Paid Cloud Native Security Platform (enterprise)** 382 | 383 | | Name | URL | Description | Language | 384 | | :---------- | :---------- | :---------- | :----------: | 385 | | **Aqua CSP** | [aquasec.com](https://www.aquasec.com/aqua-cloud-native-security-platform/) | Accelerate secure innovation and protect your entire development lifecycle from code to cloud and back |EN | | 386 | | **Aqua CSPM** | [aquasec.com](https://www.aquasec.com/products/cspm/) | Identify, prioritize, and remediate the most critical cloud security risks in real-time |EN | | 387 | | **Prisma Cloud Compute** | [paloaltonetworks.com](https://www.paloaltonetworks.com/prisma/cloud) | Prisma Cloud secures applications from code to cloud |EN | | 388 | | **NeuVector** | [suse.com](https://www.suse.com/neuvector/) | Continuously scan throughout the container lifecycle |EN | | 389 | | **Sysdig** | [sysdig.com](https://sysdig.com/products/secure/) | Find and prioritize vulnerabilities, detect and respond to threats and anomalies and manage configurations, permissions, and compliance |EN | | 390 | | **Tenable.io Container Security** | [tenable.com](https://www.tenable.com/products/tenable-cs) | Apply, monitor and report on security and compliance policies across multi-cloud environments |EN | | 391 | | **Skyhigh** | [skyhighsecurity.com](https://www.skyhighsecurity.com/products/cloud-access-security-broker.html) | Secure corporate data in cloud applications from exfiltration to unauthorized users or devices while keeping your employees productive |EN | | 392 | | **TrendMicro CloudOne** | [trendmicro.com](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/cloud-one-container-image-security.html) | Advanced container image scanning, policy-based admission control, and container runtime protection |EN | | 393 | | **Qualys Container Security** | [qualys.com](https://www.qualys.com/apps/container-security/) | Discover, track and continuously secure containers – from build to runtime |EN | | 394 | 395 | ### Runtime Security 396 | 397 | *Інструменти для перевірки веб-застосунків у Runtime* 398 | 399 | **Open-source** 400 | 401 | | Name | URL | Description | Language | 402 | | :---------- | :---------- | :---------- | :----------: | 403 | | **RASP** | [github.com/baidu](https://github.com/baidu/openrasp) | Tool can monitor various events including database queries, file operations and network requests etc |EN | | 404 | | **Modsecurity** | [github.com/SpiderLabs](https://github.com/SpiderLabs/ModSecurity) | Cross platform web application firewall (WAF) engine for Apache, IIS and Nginx |EN | | 405 | | **Dynatrace Community Edition** | [github.com/Dynatrace](https://github.com/Dynatrace) | Analytics and automation platform powered by causal AI. It has a paid version |EN | | 406 | 407 | **Paid (enterprise)** 408 | 409 | | Name | URL | Description | Language | 410 | | :---------- | :---------- | :---------- | :----------: | 411 | | **Dynatrace Community Edition** | [dynatrace.com](https://www.dynatrace.com/) | Paid version of Dynatrace - Analytics and automation platform powered by causal AI |EN | | 412 | | **Datadog** | [datadoghq.com](https://www.datadoghq.com/product/application-security-management/) | Production visibility and security for your web applications and APIs |EN | | 413 | | **Waratek** | [waratek.com](https://waratek.com/) | The Application Security platform for enterprise Java applications and APIs |EN | | 414 | 415 | 416 | ### IAST 417 | 418 | *Інструменти, що поєднують практики SAST та DAST* 419 | 420 | **Open-source** 421 | 422 | | Name | URL | Description | Language | 423 | | :---------- | :---------- | :---------- | :----------: | 424 | | **Contrast** | [contrastsecurity.com](https://www.contrastsecurity.com/contrast-community-edition) | Ignite innovation velocity on the only unified security platform built to get secure code moving through the entire application development pipeline (for Java & .NET apps) |EN | | 425 | 426 | **Paid (enterprise)** 427 | 428 | | Name | URL | Description | Language | 429 | | :---------- | :---------- | :---------- | :----------: | 430 | | **Checkmarx IAST** | [checkmarx.com](https://checkmarx.com/product/cxiast-interactive-code-scanning/) | Discover the runtime vulnerabilities in your applications that other solutions just can’t find |EN | | 431 | | **Synopsys IAST** | [synopsys.com](https://www.synopsys.com/software-integrity/security-testing/interactive-application-security-testing.html) | IAST solution with active verification and sensitive-data tracking for web-based applications |EN | | 432 | | **Acunetix IAST** | [acunetix.com](https://www.acunetix.com/vulnerability-scanner/acusensor-technology/) | IAST solution works with applications written in Node.js, PHP, Java (including the Spring framework), and ASP.NET |EN | | 433 | | **Burp IAST** | [portswigger.net](https://portswigger.net/burp/documentation/desktop/tools/infiltrator) | Tool for instrumenting target web applications in order to facilitate testing using Burp Scanner for enterprise Java & .NET applications |EN | | 434 | 435 | ### Fuzzing 436 | 437 | *Практика тестування програми, коли на вхід програмі подаються дані, які можуть призвести до невизначеної поведінки* 438 | 439 | | Name | URL | Description | Language | 440 | | :---------- | :---------- | :---------- | :----------: | 441 | | **Awesome Fuzzing** | [github.com/cpuu](https://github.com/cpuu/awesome-fuzzing#readme) | A curated list of references to awesome Fuzzing for security testing |EN | | 442 | | **Fuzzing Paper Collection** | [github.com/0xricksanchez](https://github.com/0xricksanchez/paper_collection) | Academic papers related to fuzzing, binary analysis, IoT security, and general exploitation |EN | | 443 | | **Fuzzing Papper** | [github.com/wcventure](https://github.com/wcventure/FuzzingPaper) | This website is only used for collecting and grouping the related paper |EN | | 444 | | **OSS-Fuzz від Google** | [github.com/google](https://github.com/google/oss-fuzz) | OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution |EN | | 445 | 446 | **Open-source** 447 | 448 | | Name | URL | Description | Language | 449 | | :---------- | :---------- | :---------- | :----------: | 450 | | **AFL++** | [github.com/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) | AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support |EN | | 451 | | **Syzkaller** | [github.com/google](https://github.com/google/syzkaller) | A coverage-guided fuzzer |EN | | 452 | | **restler-fuzzer** | [github.com/microsoft](https://github.com/microsoft/restler-fuzzer) | REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services |EN | | 453 | | **Skipfish** | [github.com/spinkham](https://github.com/spinkham/skipfish) | An active web application security reconnaissance tool |EN | | 454 | | **LibFuzzer** | [llvm.org](https://llvm.org/docs/LibFuzzer.html) | LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine |EN | | 455 | 456 | ## MAST 457 | 458 | *Інструменти для перевірки мобільних застосунків* 459 | 460 | **Open-source** 461 | 462 | | Name | URL | Description | Language | 463 | | :---------- | :---------- | :---------- | :----------: | 464 | | **MobSF** | [github.com/MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | Automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis |EN | | 465 | | **Drozer** | [github.com/WithSecureLabs](https://github.com/WithSecureLabs/drozer) | Tools to help you use, share and understand public Android exploits |EN | | 466 | 467 | **Paid (enterprise)** 468 | 469 | | Name | URL | Description | Language | 470 | | :---------- | :---------- | :---------- | :----------: | 471 | | **Appknox** | [appknox.com](https://www.appknox.com/) | Automated mobile app security checks |EN | | 472 | 473 | 474 | ## Vulnerability Management 475 | 476 | *Інструменти що збирають та агрегують результати перевірки сторонніх інструментів* 477 | 478 | **Open-source** 479 | 480 | | Name | URL | Description | Language | 481 | | :---------- | :---------- | :---------- | :----------: | 482 | | **DefectDojo** | [github.com/DefectDojo](https://github.com/DefectDojo/django-DefectDojo) | Security orchestration and vulnerability management platform |EN | | 483 | | **Secure code Box** | [github.com/secureCodeBox](https://github.com/secureCodeBox/secureCodeBox) | Kubernetes based, modularized toolchain for continuous security scans of your software project |EN | | 484 | | **Faraday** | [github.com/infobyte](https://github.com/infobyte/faraday) | Open source vulnerability manager |EN | | 485 | | **Archery** | [archerysec.github.io](https://archerysec.github.io/archerysec/) | Continuous integration/continuous delivery (CI/CD) toolchains to specify testing, and control the release of a given build based on results |EN | | 486 | 487 | **Paid (enterprise)** 488 | 489 | | Name | URL | Description | Language | 490 | | :---------- | :---------- | :---------- | :----------: | 491 | | **ThreatFix** | [coalfire.com](https://www.coalfire.com/services/offensive-security/application-security/threadfix) | Over 40 different security and development tools and integrations helping you to track vulnerabilities from discovery to resolution |EN | | 492 | | **Cisco Vulnerability Management** | [cisco.com](https://www.cisco.com/site/us/en/products/security/vulnerability-management/index.html) | Contextual insight and threat intelligence needed to intercept the next exploit and respond with precision |EN | | 493 | 494 | ## Application Security Orchestration and Correlation (ASOC) 495 | 496 | *Інструменти що оркеструють перевірки сторонніх інструментів* 497 | 498 | **Open-source** 499 | 500 | | Name | URL | Description | Language | 501 | | :---------- | :---------- | :---------- | :----------: | 502 | | **Orchestron** | [github.com/we45](https://github.com/we45/orchestron-community) | Application vulnerability management and correlation Tool |EN | | 503 | 504 | **Paid (enterprise)** 505 | 506 | | Name | URL | Description | Language | 507 | | :---------- | :---------- | :---------- | :----------: | 508 | | **Kondukto** | [kondukto.io](https://kondukto.io/) | Security testing tool, automated vulnerability remediation workflows and managsng risks |EN | | 509 | 510 | ## Compliance-as-code 511 | 512 | *Практика представлення вимог безпеки через декларативний опис у вигляді коду з подальшою безпрерервною оцінкою на відповідність* 513 | 514 | **Open-source** 515 | 516 | | Name | URL | Description | Language | 517 | | :---------- | :---------- | :---------- | :----------: | 518 | | **Chef InSpec** | [github.com/inspec](https://github.com/inspec/inspec) | Open-source testing framework for infrastructure for specifying compliance, security and policy requirements |EN | | 519 | | **Compliance Masonry** | [github.com/opencontrol](https://github.com/opencontrol/compliance-masonry) | Сommand-line interface (CLI) that allows users to construct certification documentation using the OpenControl Schema |EN | | 520 | 521 | ## IAC Security 522 | 523 | *Практика тестування декларативного опису шнфраструктури через конфігураційний файл на відповідність до вимог безпеки* 524 | 525 | **Open-source** 526 | 527 | | Name | URL | Description | Language | 528 | | :---------- | :---------- | :---------- | :----------: | 529 | | **Cfn Nag** | [github.com/stelligent](https://github.com/stelligent/cfn_nag) | Open-source tool looks for patterns in CloudFormation templates that may indicate insecure infrastructures |EN | | 530 | | **Checkov** | [github.com/bridgecrewio](https://github.com/bridgecrewio/checkov) | Static code analysis tool for infrastructure as code (IaC) and also a software composition analysis (SCA) tool for images and open source packages |EN | | 531 | | **Terrascan** | [github.com/tenable](https://github.com/tenable/terrascan) | Open-source static code analyzer for Infrastructure as Code |EN | | 532 | | **Tfsec** | [github.com/aquasecurity](https://github.com/aquasecurity/tfsec) | Static analysis of your terraform code to spot potential misconfigurations |EN | | 533 | | **kics** | [kics.io](https://www.kics.io/#) | Open source solution for static code analysis of Infrastructure as Code |EN | | 534 | | **ScoutSuite** | [github.com/nccgroup](https://github.com/nccgroup/ScoutSuite) | Open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments |EN | | 535 | 536 | #### Kubernetes YAML validating 537 | 538 | | Name | URL | Description | Language | 539 | | :---------- | :---------- | :---------- | :----------: | 540 | | **Kubeval** | [github.com/instrumenta](https://github.com/instrumenta/kubeval) | Tool for validating a Kubernetes YAML or JSON configuration file |EN | | 541 | | **Kube-score** | [github.com/zegl](https://github.com/zegl/kube-score) | Tool that performs static code analysis of your Kubernetes object definitions |EN | | 542 | | **Config-lint** | [github.com/stelligent](https://github.com/stelligent/config-lint) | A command line tool to validate configuration files using rules specified in YAML |EN | | 543 | | **Copper** | [github.com/cloud66-oss](https://github.com/cloud66-oss/copper) | Useful tool with Kubernetes configuration files to enforce best practices, apply policies and compliance requirements |EN | | 544 | | **Conftest** | [github.com/open-policy-agent](https://github.com/open-policy-agent/conftest) | Open source tool helps you write tests against structured configuration data |EN | | 545 | | **Polaris** | [github.com/FairwindsOps](https://github.com/FairwindsOps/polaris#cli) | Open source policy engine for Kubernetes |EN | | 546 | 547 | #### Порівняння інструментів 548 | 549 | | Name | URL | Description | Language | 550 | | :---------- | :---------- | :---------- | :----------: | 551 | | **tool-compare** | [github.com/iacsecurity](https://github.com/iacsecurity/tool-compare) | The goal of this repository is to help compare the different options so that users can choose the tool that best fits their own needs |EN | | 552 | | **compares tools to validate and score Kubernetes YAML files** | [earnk8s.io](https://learnk8s.io/validating-kubernetes-yaml) | The article compares six static tools to validate and score Kubernetes YAML files for best practices and compliance |EN | | 553 | 554 | 555 | #### Порівняння інструментів 556 | 557 | | Name | URL | Description | Language | 558 | | :---------- | :---------- | :---------- | :----------: | 559 | | **tool-compare** | [github.com/iacsecurity](https://github.com/iacsecurity/tool-compare) | The goal of this repository is to help compare the different options so that users can choose the tool that best fits their own needs |EN | | 560 | | **compares tools to validate and score Kubernetes YAML files** | [earnk8s.io](https://learnk8s.io/validating-kubernetes-yaml) | The article compares six static tools to validate and score Kubernetes YAML files for best practices and compliance |EN | | 561 | 562 | 563 | #### Порівняння інструментів 564 | 565 | | Name | URL | Description | Language | 566 | | :---------- | :---------- | :---------- | :----------: | 567 | | **tool-compare** | [github.com/iacsecurity](https://github.com/iacsecurity/tool-compare) | The goal of this repository is to help compare the different options so that users can choose the tool that best fits their own needs |EN | | 568 | | **compares tools to validate and score Kubernetes YAML files** | [earnk8s.io](https://learnk8s.io/validating-kubernetes-yaml) | The article compares six static tools to validate and score Kubernetes YAML files for best practices and compliance |EN | | 569 | --------------------------------------------------------------------------------