DevSecOps
Tools
- trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets, also cloud infrastructure as well.
- No Secrets! 🤫 - Find secrets in your GitHub repo.
- teller - Cloud native secrets management for developers - never leave your command line for secrets.
Scanners
- cloudfox - Automating situational awareness for cloud penetration tests.
Resources
- OAuth 2.0 Simplified
- The DevOps Security Checklist Redux
- The SaaS CTO Security Checklist Redux
- The Cloud Native Wiki
- The Copenhagen Book
- Hacking The Cloud - Hacking the cloud is an encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure. The goal is to share this knowledge with the security community to better defend cloud native technologies.
- SLSA - Supply-chain Levels for Software Artifacts
- The twelve-factor app