Security in CICD / DevSecOps

This page summarizes the projects mentioned and recommended in the original post on /r/devops

  • OPA (Open Policy Agent)

    Open Policy Agent (OPA) is an open source, general-purpose policy engine.

  • Depends on the area you're focusing on, but OPA is great for a bunch of tools in the ecosystem. We use it for Terraform.

  • slsa

    Supply-chain Levels for Software Artifacts

  • cosign

    Code signing and transparency for containers and binaries

  • Most critical thing today is: https://github.com/sigstore/cosign

  • gitlab

  • There's a lot of cool security stuff out there. One place to start could be to look at GitLab's "Auto DevOps" and hop through the templates that are linked from their ci.yaml.

  • DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

  • From OWASP, for that class of tools you could look into DependencyCheck and DependencyTrack

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

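The cosign and slsa entries above cover signing and provenance, but not what a pipeline should actually check once it holds a signature-verified attestation. The following is an added example, not code from the sigstore or slsa projects: a stdlib-only admission check over an in-toto Statement carrying a SLSA v1 provenance predicate (field layout as documented at https://slsa.dev/provenance/v1). It binds the statement to the artifact's sha256, requires the builder id to be on an allowlist, and requires the resolved source to be the expected repository, rejecting a look-alike repo name. The artifact bytes, builder id, source URI and commit are constructed for the example, and the DSSE envelope signature plus transparency-log lookup are assumed to have already been done by cosign (e.g. `cosign verify-attestation --certificate-identity ...`) rather than reimplemented here.

```python
"""Admission check for a SLSA v1 provenance statement (added example, stdlib only).

The envelope signature and transparency-log lookup are assumed to have been
done already (for instance by `cosign verify-attestation`); this code only
decides whether a signature-verified statement actually authorises the
artifact about to be deployed.
"""
import hashlib
import json

INTOTO_V1 = "https://in-toto.io/Statement/v1"
SLSA_V1 = "https://slsa.dev/provenance/v1"

# Hypothetical policy values for this example; a real pipeline loads them
# from its own configuration.
TRUSTED_BUILDERS = {"https://ci.example.com/builders/release@v1"}
EXPECTED_SOURCE = "git+https://github.com/example-org/example-app"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_provenance(artifact_name, artifact, builder_id, source_uri, commit):
    """Construct an in-toto Statement carrying a SLSA v1 predicate.

    Test fixture shaped like what a SLSA builder emits; in practice the
    builder produces this, never the consumer.
    """
    return {
        "_type": INTOTO_V1,
        "subject": [{"name": artifact_name,
                     "digest": {"sha256": sha256_hex(artifact)}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://ci.example.com/buildtypes/container@v1",
                "externalParameters": {"source": source_uri, "ref": "refs/heads/main"},
                "resolvedDependencies": [
                    {"uri": f"{source_uri}@refs/heads/main",
                     "digest": {"gitCommit": commit}}
                ],
            },
            "runDetails": {"builder": {"id": builder_id},
                           "metadata": {"invocationId": "build-1"}},
        },
    }


def verify_provenance(statement, artifact_name, artifact,
                      trusted_builders=TRUSTED_BUILDERS,
                      expected_source=EXPECTED_SOURCE):
    """Return (ok, reason) for a statement whose signature was already verified."""
    if statement.get("_type") != INTOTO_V1:
        return False, "not an in-toto v1 statement"
    if statement.get("predicateType") != SLSA_V1:
        return False, "unexpected predicateType %r" % statement.get("predicateType")

    # 1. Bind the statement to this exact artifact by name and sha256.
    want = sha256_hex(artifact)
    subjects = [s for s in statement.get("subject", []) if s.get("name") == artifact_name]
    if not subjects:
        return False, "subject %r not found" % artifact_name
    if not any(s.get("digest", {}).get("sha256") == want for s in subjects):
        return False, "subject digest mismatch"

    predicate = statement.get("predicate", {})

    # 2. Only a builder on the allowlist may vouch for the artifact. The
    #    signature check says who signed; this check says that signer is a
    #    builder we trust (cosign ties the two together via --certificate-identity).
    builder_id = predicate.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id not in trusted_builders:
        return False, "untrusted builder %r" % builder_id

    # 3. The build must come from the expected repository. Match the whole URI
    #    up to the '@' ref separator so a look-alike such as
    #    ".../example-app-evil" is rejected instead of passing a prefix test.
    deps = predicate.get("buildDefinition", {}).get("resolvedDependencies", [])
    source_uris = [d.get("uri", "") for d in deps]
    if not any(u == expected_source or u.startswith(expected_source + "@")
               for u in source_uris):
        return False, "source mismatch: %r" % source_uris

    return True, "ok"


if __name__ == "__main__":
    artifact = b"constructed artifact bytes, standing in for an image layer or tarball"
    name = "example-app.tar.gz"
    builder = next(iter(TRUSTED_BUILDERS))
    commit = "0" * 40  # constructed commit id
    # Round-trip through JSON to mimic loading the statement from a file.
    good = json.loads(json.dumps(make_provenance(name, artifact, builder, EXPECTED_SOURCE, commit)))
    print("good artifact:    ", verify_provenance(good, name, artifact))
    print("tampered artifact:", verify_provenance(good, name, artifact + b"\x00"))
    rogue = make_provenance(name, artifact, "https://ci.example.com/builders/pr-sandbox@v1",
                            EXPECTED_SOURCE, commit)
    print("untrusted builder:", verify_provenance(rogue, name, artifact))
    lookalike = make_provenance(name, artifact, builder, EXPECTED_SOURCE + "-evil", commit)
    print("look-alike source:", verify_provenance(lookalike, name, artifact))
```

The order of the checks matters less than their completeness: a digest match alone proves only that someone signed a statement about these bytes, and a trusted builder alone proves only that a trusted pipeline built something. Dependency-Track and DependencyCheck, listed above, answer a different question (what is inside the artifact); this gate answers who built it and from what.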
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
