├── 01-DevSecOps资源 └── 代码疫苗技术在DevSecOps体系下的实践.pdf ├── 02-DevSecOps书籍 ├── DevSecOps领导者指南.pdf ├── README.md ├── 企业DevOps架构指南安全篇(拆书版).pdf └── 敏捷及DevOps安全实用指南.pdf └── README.md /01-DevSecOps资源/代码疫苗技术在DevSecOps体系下的实践.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsogroup/DevSecOps/ff4d6a980807794c506f66fb93df15f108bcae5b/01-DevSecOps资源/代码疫苗技术在DevSecOps体系下的实践.pdf -------------------------------------------------------------------------------- /02-DevSecOps书籍/DevSecOps领导者指南.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsogroup/DevSecOps/ff4d6a980807794c506f66fb93df15f108bcae5b/02-DevSecOps书籍/DevSecOps领导者指南.pdf -------------------------------------------------------------------------------- /02-DevSecOps书籍/README.md: -------------------------------------------------------------------------------- 1 | 02-DevSecOps书籍 -------------------------------------------------------------------------------- /02-DevSecOps书籍/企业DevOps架构指南安全篇(拆书版).pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsogroup/DevSecOps/ff4d6a980807794c506f66fb93df15f108bcae5b/02-DevSecOps书籍/企业DevOps架构指南安全篇(拆书版).pdf -------------------------------------------------------------------------------- /02-DevSecOps书籍/敏捷及DevOps安全实用指南.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsogroup/DevSecOps/ff4d6a980807794c506f66fb93df15f108bcae5b/02-DevSecOps书籍/敏捷及DevOps安全实用指南.pdf -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # DevSecOps-开发和安全和运营 2 | 3 | ![DevSecOps](https://socialify.git.ci/ASTTeam/DevSecOps/image?description=1&font=Inter&forks=1&issues=1&name=1&owner=1&pattern=Floating%20Cogs&pulls=1&stargazers=1&theme=Light) 4 | 5 | 本项目用来收集整理学习DevSecOps相关内容,包括DevSecOps的理念产品以及衍生的工具思路等。包括开源安全、供应链安全、云原生安全等细分领域。当安全是所有 DevOps 的工作重心时,这便是DevSecOps。DevSecOps是一种方法,是将开发和安全和运营紧密结合起来的思想。DevSecOps-Software development (Dev) and Security (Sec) and IT operations (Ops). 6 | 7 | 本项目创建于2022年10月20日,最近的一次更新时间为2023年10月10日。作者:[0e0w](https://github.com/0e0w/DevOps) 8 | 9 | - [01-DevSecOps资源]() 10 | - [02-DevSecOps书籍]() 11 | - [03-DevSecOps工具]() 12 | - [04-DevSecOps产品]() 13 | - [05-DevSecOps职位]() 14 | - [05-DevSecOps老师]() 15 | 16 | ## 01-DevSecOps资源 17 | 18 | - https://github.com/topics/devsecops 19 | - https://github.com/search?q=devsecops 20 | 21 | 一、基础资源 22 | - [ ] https://github.com/sottlmarek/DevSecOps 23 | - [ ] https://github.com/DefectDojo/django-DefectDojo 24 | - [ ] https://github.com/sidd-harth/kubernetes-devops-security 25 | - [ ] https://github.com/devsecops/awesome-devsecops 26 | - [ ] https://github.com/krol3/container-security-checklist 27 | - [ ] https://github.com/devsecops/bootcamp 28 | - [ ] https://github.com/TaptuIT/awesome-devsecops 29 | - [ ] https://github.com/hahwul/DevSecOps 30 | - [ ] https://github.com/lwindolf/lzone-cheat-sheets 31 | - [ ] https://github.com/magnologan/gha-devsecops 32 | - [ ] https://github.com/zemmali/DevSecOps-Toolchain 33 | - [ ] https://github.com/rcarrata/devsecops-demo 34 | - [ ] https://github.com/OWASP/DevSecOpsGuideline 35 | - [ ] https://github.com/michalkoczwara/DevSecOps-Studio 36 | - [ ] https://github.com/devsecops/devsecops 37 | - [ ] https://github.com/wurstbrot/DevSecOps-MaturityModel 38 | - [ ] https://github.com/dsohk/rancher-devsecops-workshop 39 | - [ ] https://github.com/boozallen/devsecops-example-helloworld 40 | - [ ] https://github.com/stelligent/aws-devsecops-workshop 41 | - [ ] https://github.com/aws-samples/devsecops-cicd 42 | - [ ] https://github.com/PGCSEDS-IIITH/devsecops-iris 43 | - [ ] https://github.com/We5ter/Awesome-DevSecOps-Platforms 44 | - [ ] https://github.com/ztosec/hunter 45 | - [ ] https://github.com/pawnu/PythonSecurityPipeline 46 | - [ ] https://github.com/aws-asean-builders/devsecops 47 | - [ ] https://github.com/baidu/openrasp 48 | - [ ] https://github.com/cloudsecurityalliance/wg-DevSecOps 49 | - [ ] https://github.com/0xsomnus/Solidity-DevSecOps-Standard 50 | - [ ] https://github.com/OWASP/glue 51 | - [ ] https://github.com/OWASP/RiskAssessmentFramework 52 | - [ ] https://github.com/michelin/ChopChop 53 | - [ ] https://github.com/AErmie/DevSecOps 54 | - [ ] https://github.com/GSA/DevSecOps 55 | - [ ] https://github.com/lgmorand/DevSecOpsTable 56 | - [ ] https://github.com/krol3/devsecops-resources 57 | - [ ] https://github.com/GSA/security-benchmarks 58 | - [ ] https://github.com/aws-samples/devsecops-workshop-on-aws 59 | - [ ] https://github.com/PacktPublishing/Accelerating-DevSecOps-on-AWS 60 | - [ ] https://github.com/trufflesecurity/trufflehog 61 | - [ ] https://github.com/SpectralOps/preflight 62 | - [ ] https://github.com/aquasecurity/tfsec 63 | - [ ] https://github.com/aquasecurity/trivy 64 | - [ ] https://github.com/gravitl/netmaker 65 | - [ ] https://github.com/prowler-cloud/prowler 66 | - [ ] https://github.com/bridgecrewio/checkov 67 | - [ ] https://github.com/turbot/steampipe 68 | - [ ] https://github.com/anteater/anteater 69 | - [ ] https://github.com/Swordfish-Security/awesome-devsecops-russia 70 | - [ ] https://mp.weixin.qq.com/s/_jBmFdtyXY5D_YrrTUP1iQ 71 | 72 | 二、学术论文 73 | 74 | - [Google学术搜索](https://scholar.google.com.hk/scholar?hl=zh-CN&as_sdt=0%2C5&q=devsecops&btnG=) 75 | 76 | 三、论坛社区 77 | 78 | - 高效运维社区 79 | - DevOps时代社区 80 | 81 | 四、其他资源 82 | - [ ] https://github.com/murphysecurity/murphysec 83 | - [ ] https://www.veracode.com/solutions/devsecops 84 | - [ ] https://github.com/BBVA/apicheck 85 | - [ ] https://github.com/defenseunicorns/zarf 86 | - [ ] https://github.com/rcarrata/devsecops-demo 87 | - [ ] https://github.com/fluidattacks/makes 88 | - [ ] https://github.com/cider-security-research/cicd-goat 89 | 90 | ## 02-DevSecOps书籍 91 | 92 | 一、中文书籍 93 | - [ ] [《DevSecOps敏捷安全》](https://item.jd.com/13272303.html)@子芽 94 | - [x] [《DevSecOps实战》](https://item.jd.com/13016425.html)@周纪海等著#50% 95 | 96 | 二、英文书籍 97 | - [ ] [《DevSecOps》](https://item.jd.com/10028188284125.html)@Glenn Wilson 98 | - [ ] [《Learning Devsecops》](https://item.jd.com/10040874594859.html)@Ribeiro 99 | - [ ] https://github.com/6mile/DevSecOps-Playbook 100 | 101 | ## 03-DevSecOps工具 102 | 103 | 本部分主要关注DevSecOps中的Sec类工具,其中包括开源工具商业产品等。不仅是SAST工具! 104 | 105 | 一、SAST 106 | - https://github.com/ASTTeam/SAST 107 | - https://github.com/ASTTeam/Fortify 108 | - https://github.com/ASTTeam/SonarQube 109 | - https://github.com/ASTTeam/Checkmarx 110 | - https://github.com/ASTTeam/CodeQL 111 | - https://github.com/ASTTeam/Semgrep 112 | - https://github.com/ASTTeam/BlackDuck 113 | 114 | 二、DAST 115 | - https://github.com/ASTTeam/DAST 116 | 117 | 三、IAST 118 | - https://github.com/ASTTeam/IAST 119 | 120 | 四、SCA 121 | - https://github.com/ASTTeam/SCA 122 | 123 | 五、Others 124 | - [ ] https://github.com/infobyte/faraday 125 | - [ ] https://github.com/tenable/terrascan 126 | - [ ] https://github.com/bunkerity/bunkerweb 127 | - [ ] https://github.com/deepfence/ThreatMapper 128 | - [ ] https://github.com/archerysec/archerysec 129 | - [ ] https://github.com/Checkmarx/kics 130 | - [ ] https://github.com/lunasec-io/lunasec 131 | - [ ] https://github.com/GitGuardian/ggshield 132 | 133 | ## 04-DevSecOps产品 134 | 135 | - 悬境安全:https://www.xmirror.cn 136 | - 墨菲安全:https://www.murphysec.com 137 | - 火线安全:https://www.huoxian.cn 138 | - 探真科技:https://www.tensorsecurity.cn 139 | - 思客云:http://www.secureyun.cn 140 | - 龙智:https://www.shdsd.com 141 | - 开源网安:https://www.seczone.cn 142 | - 嘉为蓝鲸:https://www.canway.net 143 | - https://www.microfocus.com/zh-cn/devsecops 144 | 145 | ## 05-DevSecOps岗位 146 | 147 | - [PingCAP-DevSecOps 安全专家](https://careers.pingcap.com/apply/pingcap/39950/#/job/3a7c73a4-cbd3-4381-bd68-8e5291710cf8) 148 | 149 | ## 06-DevSecOps老师 150 | 151 | ![Stargazers over time](https://starchart.cc//ASTTeam/DevSecOps.svg) --------------------------------------------------------------------------------