tools

command
v0.0.0-...-cbfff58 Latest
Warning

This package is not in the latest version of its module.
Published: May 29, 2022 License: MIT Imports: 14 Imported by: 0

README

Why collect the tools?

Much of the time spent applying DevSecOps goes to searching for, comparing, and deciding on tools. These tool lists help you cut that unnecessary time and apply the tools quickly 😎

List of Tools

| Type | Name | Description | Popularity | Language |
|------|------|-------------|------------|----------|
| Build/SAST | SonarQube | SonarQube is an open-source platform for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages. | | |
| Build/SAST | codeql | CodeQL | | |
| Build/SAST | semgrep | Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. | | |
| Build/SAST | sonarcloud-github-action | Integrate SonarCloud code analysis to GitHub Actions | | |
| Build/SECRET-MANAGE | kamus | An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications | | |
| Build/SECRET-MANAGE | secrets-sync-action | A Github Action that can sync secrets from one repository to many others. | | |
| Build/SECRET-MANAGE | vault-action | A GitHub Action that simplifies using HashiCorp Vault™ secrets as build variables. | | |
| Design/THREAT | owasp-threat-dragon-desktop | An installable desktop variant of OWASP Threat Dragon | | |
| Design/THREAT | pytm | A Pythonic framework for threat modeling | | |
| Design/THREAT | seasponge | SeaSponge is an accessible threat modelling tool from Mozilla | | |
| Design/THREAT | threagile | Agile Threat Modeling Toolkit | | |
| Operate and Monitor/COMPONENT-ANALYSIS | dependency-track | Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | | |
| Operate and Monitor/K8S | kube-hunter | Hunt for security weaknesses in Kubernetes clusters | | |
| Test/DAST | action-baseline | A GitHub Action for running the OWASP ZAP Baseline scan | | |
| Test/DAST | action-dalfox | XSS scanning with Dalfox on Github-action | | |
| Test/DAST | action-full-scan | A GitHub Action for running the OWASP ZAP Full scan | | |
| Test/DAST | zaproxy | The OWASP ZAP core project | | |
| Test/PENTEST | faraday | Collaborative Penetration Test and Vulnerability Management Platform | | |
| Test/PENTEST | metasploit-framework | Metasploit Framework | | |
| Test/PENTEST | monkey | Infection Monkey - An automated pentest tool | | |
| Test/PENTEST | ptf | The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools. | | |

How to Contribute

Please read the Contributing document!

Documentation

There is no documentation for this package.
