Roadmap for everyone who wants DevSecOps.
๐ Table of Contents
- Roadmap
- Tools
- Resources
- Security of CICD
- Awesome resources
- Other roadmaps
- Wrap Up
- Contributors
- Contribute
๐ญ Roadmap
๐ฉ Tools
Spending a lot of time on applying DevSecOps is searching, comparing, and making decisions about tools. These tool lists are a good way to help you reduce unnecessary time and apply them quickly ๐
Open https://github.com/hahwul/DevSecOps/blob/main/tools/README.md
๐ฆ Resources
0. DevSecOps Overview
- Overview
1. Design
- Development Lifecycle
- Threat Model
2. Develop
- Secure Coding
3. Build
- SAST(Static Application Security Testing)
4. Test
- DAST(Dynamic Application Security Testing)
- Penetration testing
5. Deploy
- Security Hardening & Config
- Security Scanning
6. Operate and Monitor
- RASP(Run-time Application Security Protection)
- Security Patch
- RASP(Runtime Application Self-Protection)
- Security Audit
- Security Monitor
- IAST(Interactive Application Security Testig)
- Metrics, Monitoring, Alerting
- Security Analysis
Security of CICD
- Github Actions
- Jenkins
Awesome resources
๐ Other roadmaps
![]() |
![]() |
---|---|
U.S. Department of Defense | Larry Maccherone |
The DevSecOps Security Checklist | Gitlab security devops diagram |
๐๐ผ Wrap Up
If you think the roadmap can be improved, please do open a PR with any updates and submit any issues. Also, I will continue to improve this, so you might want to star this repository to revisit.
Idea from : Go Developer Roadmap