Sign up for our weekly newsletter!
REGISTER NOW |
||
|
||
Finding Tools for DevSecOps![]() When DevSecOps are defined it can begin a process. But ultimately process requires tools to become practice. Where do you go to find tools to use when an organization wants to move beyond theory adding security to DevOps? The good news is that there are sources for tools, and the better news is that there are some third-party lists for those tools. Depending on just how dedicated your organization is to the principles of open source, one resource might be the only directory you need to get started, but in any case, your organization will not be left without options. GitHubGitHub, the code-repository resource that has become the home to thousands of open source projects and software-designer portfolios, has a page dedicated to DevSecOps. The page, modestly titled "Awesome DevSecOps," features resources ranging from automation and testing tools to podcasts and conferences. Many of the resources listed on Awesome DevSecOps are valuable whether you're moving in the DevOps world or not. For example, WebGoat is a basic resource for learning web app security no matter which development discipline you're using. In the same way, while team-wide communication is critical for DevSecOps (and DevOps in general), there's nothing DevOps-specific about Slack or HipChat. Taken as a whole, though, the GitHub page may be the single resource that is currently most comprehensive when it comes to tools for those in starting down the DevSecOps path. Virtualizing the Cable Architecture @ SCTE/ISBE's Cable-Tec Expo
That doesn't mean it's the only resource, though. DevSecOps.org has links to tools and references that those getting started in the field would find useful. There are also links to projects, presentations, and even comics on the site, as well as a way to join the Linkedin group run by this group of security professionals. It should be noted that, as with an group of volunteers, activity can wax and wane, and some of the sections haven't been refreshed in a while. The principles expressed are still useful, though, and beginners will find a great deal to help them on their way in the pages. In addition to these two sites, there are a number of vendor-sponsored sites and pages that deal with the tools and practices around DevSecOps. They aren't listed here -- that's what Google is for. The fact is that most tools used in DevSecOps are common to the tools used in DevOps. There are scores of sites available for finding those, though GitHub once again provides a good place to start. As with DevOps, agile, and all the variations on them that are scattered around the enterprise development and operations landscape, the biggest tool that any organization can have is a willingness to change coupled with champions able to muscle, cajole, and inspire teams through the rough spots. Related posts:
— Curtis Franklin is the editor of SecurityNow.com. Follow him on Twitter @kg4gwa. |
The key to being more secure might well lie in the ability to slow down just a bit.
The year opens with a huge vulnerability. Of course there's a haiku to explain it all.
The readers of Security Now have weighed in on the idea of cybersecurity teams going on the offense against hackers. Hackers might want to start worrying.
A vulnerability in the way that Intel CPUs deal with memory could leave everyone using an Intel-based computer open to attack.
It's a new year filled with new threats in IT security. Rejoice!
Information Resources
upcoming Webinars
ARCHIVED
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London Podcasts
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security. ![]() like us on facebook
|
|
![]() |
||
![]() |
Security Now
About Us
Contact Us
Help
Register
Events
Supporting Partners
Twitter
Facebook
RSS
Copyright © 2019 Light Reading, part of Informa Tech, a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use in partnership with
|