gitmyhub

DevSecOps

★ 6.8k · updated 22d ago

Ultimate DevSecOps library

A curated library of open-source tools for building security into every stage of software development, from pre-commit secret scanning to container, Kubernetes, and cloud security, organized by pipeline phase.

setup: easy · complexity 1/5

This repository is a reference library of open-source tools and resources for DevSecOps, which is the practice of integrating security into every stage of software development and deployment rather than treating it as a final step. The collection is organized as a structured list covering tools for different phases of the development pipeline, from writing code to running it in production.

DevSecOps, as the README explains, connects development, security, and operations teams. The idea is that security checks happen continuously throughout the build and release process rather than only at the end. The library is scoped specifically to cloud and DevOps, not general security.

The tools are grouped by category. Pre-commit tools scan code for accidentally committed secrets like API keys and passwords before they reach a shared repository. Separate sections cover static analysis (scanning code for vulnerabilities without running it), dynamic analysis (testing a running application), dependency and open-source component scanning, container security, Kubernetes security, infrastructure-as-code checks, secrets management, policy enforcement, chaos engineering, and CI/CD pipeline security. Each section lists tools with their GitHub link and a brief description.

Cloud platform coverage is split into AWS, Google Cloud, and Azure sections, each with tools specific to those environments. There are also sections on methodologies, whitepapers, and architecture patterns for teams looking for context beyond individual tools.

Contributions are accepted through pull requests following posted guidelines: only active open-source security tools, no duplicates, and factual descriptions over personal opinions.

The full README is longer than what was shown.

Where it fits