DevSecOps

Tools

• trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets, also cloud infrastructure as well.
• No Secrets! 🤫 - Find secrets in your GitHub repo.
• teller - Cloud native secrets management for developers - never leave your command line for secrets.

Resources

• OAuth 2.0 Simplified
• The DevOps Security Checklist Redux
• The SaaS CTO Security Checklist Redux
• The Cloud Native Wiki
• The Copenhagen Book
• Hacking The Cloud - Hacking the cloud is an encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure. The goal is to share this knowledge with the security community to better defend cloud native technologies.
• SLSA - Supply-chain Levels for Software Artifacts
• The twelve-factor app