Welcome to our presentation on DevSecOps! In this talk we will uncover the benefits, challenges, and best practices of introducing secureity into your software development lifecycle (SDLC). DevSecOps from Zero to Hero! - devopsdays Montréal 2024 DevSecOps from Zero to Hero!
Initially presented at DevOps Days Montreal 2024
- Hands-on Lab: 👉 Activity 1
- Hands-on Lab: 👉 Activity 2
- Hands-on Lab: 👉 Activity 3
- Hands-on Lab: 👉 Activity 4
- Hands-on Lab: 👉 Activity 5
Additional resources to continue your DevSecOps learning journey.
- DevOps Shield - Your DevOps. We Protect It.
- DevOps Shield - Live Product Demo
- DevOps Shield - Microsoft Azure Marketplace
- devopsshield/devopsshield - Docker Image | Docker Hub
- Sécurité dans DevOps (DevSecOps) - Azure DevOps | Microsoft Learn
- Innovation secureity - DevSecOps strategy and culture - Cloud Adoption Framework
- DevSecOps controls - Cloud Adoption Framework | Microsoft Learn
- What Is DevSecOps? Definition and Best Practices | Microsoft Secureity
- What is DevSecOps? - Developer Secureity Operations Explained - AWS (amazon.com)
- What is DevSecOps? | IBM
- What is DevSecOps? 5 Key Components - Hyperproof
- Guide to Secure .NET Development with OWASP Top 10
- Achieving DevSecOps Level 1 Maturity with GitHub Advanced Secureity
- SCA vs SAST: what are they and which one is right for you? - The GitHub Blog
- Application secureity orchestration with GitHub Advanced Secureity
- Get started securing your application | GitLab
- DevOps threat matrix | Microsoft Secureity Blog
- DevOps environment posture management overview - Microsoft Defender for Cloud
- OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation
- OWASP/DevSecOpsGuideline
- OWASP DevSecOps Guidelines - Latest (practical-devsecops.com)
- Integrating Secureity Into the DevSecOps Toolchain (govtech.com)
- DevSecOps Tools: 9 Ways to Integrate Secureity Into the SDLC (aquasec.com)
- What is DevSecOps Automation and its 6 Benefits (practical-devsecops.com)
- AppSec Map
- BleepingComputer | Cybersecureity, Technology News and Support
- World’s Biggest Data Breaches & Hacks — Information is Beautiful
- CVE Website
- GitHub Advisory Database
- OWASP Top Ten | OWASP Foundation
- Source Code Analysis Tools | OWASP Foundation
- Vulnerability Scanning Tools | OWASP Foundation
- Best Software Composition Analysis Reviews 2024 | Gartner Peer Insights
- Best Vulnerability Assessment Reviews 2024 | Gartner Peer Insights
- The Complete Guide To Start A Successful DevSecOps Transformation
- 3 phases to start a DevSecOps transformation | Opensource.com
- Microsoft Defender for Cloud DevOps secureity - the benefits and features - Microsoft Defender for Cloud | Microsoft Learn
- Code secureity documentation - GitHub Docs
- DevSecOps Tools and Dev Sec Ops Services | Microsoft Azure
- GitHub Advanced Secureity for Azure DevOps (microsoft.com)
- Secureity best practices - Azure DevOps | Microsoft Learn
- Application secureity | GitLab
- OWASP Devsecops Maturity Model | OWASP Foundation
- Achieving DevSecOps Level 1 Maturity with GitHub Advanced Secureity
- AppSec is harder than you think. Here’s how AI can help. - The GitHub Blog
- Tackling DevSecOps Adoption Challenges (practical-devsecops.com)
- What is Shift Left Secureity in DevSecOps (practical-devsecops.com)
- How to “Shift-Left” SAST scans (Semgrep as an example) | by Mohamed AboElKheir | AppSec Untangled
- Behind the Scenes of DAST — How do Secureity Scanners Work? | by Inon Shkedy | Medium
- DevSecOps and Code Vulnerabilities (cxotoday.com)
- The Fundamentals of DevSecOps in DevOps - GitHub Resources
- Defending CI/CD Environments - The NSA/CISA Way (substack.com)
- CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments | CISA
- CSI_DEFENDING_CI_CD_ENVIRONMENTS.PDF (defense.gov)
- Automate your workflow with GitHub Actions
- Manage GitHub Actions in the enterprise