- DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
- dependency-track: Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Depends on the area you're focusing on, but OPA is great for a bunch of tools in the ecosystem. We use it for Terraform.
Most critical thing today is: https://github.com/sigstore/cosign
There's a lot of cool security stuff out there. One place to start could be to look at GitLab's "Auto DevOps" and hopping through the templates that they link to from their ci.yaml.
From OWASP, for that class of tools, you could look into DependencyCheck and DependencyTrack.