DevSecOps from Zero to Hero! - devopsdays Montréal 2024
Welcome to our presentation on DevSecOps! In this talk we will uncover the benefits, challenges, and best practices of introducing security into your software development lifecycle (SDLC).
Initially presented at DevOps Days Montreal 2024
- Hands-on Lab: 👉 Activity 1
- Hands-on Lab: 👉 Activity 2
- Hands-on Lab: 👉 Activity 3
- Hands-on Lab: 👉 Activity 4
- Hands-on Lab: 👉 Activity 5
Additional resources to continue your DevSecOps learning journey.
- DevOps Shield - Your DevOps. We Protect It.
- DevOps Shield - Live Product Demo
- DevOps Shield - Microsoft Azure Marketplace
- devopsshield/devopsshield - Docker Image | Docker Hub
- Security in DevOps (DevSecOps) - Azure DevOps | Microsoft Learn
- Innovation security - DevSecOps strategy and culture - Cloud Adoption Framework
- DevSecOps controls - Cloud Adoption Framework | Microsoft Learn
- What Is DevSecOps? Definition and Best Practices | Microsoft Security
- What is DevSecOps? - Developer Security Operations Explained - AWS (amazon.com)
- What is DevSecOps? | IBM
- What is DevSecOps? 5 Key Components - Hyperproof
- Guide to Secure .NET Development with OWASP Top 10
- Achieving DevSecOps Level 1 Maturity with GitHub Advanced Security
- SCA vs SAST: what are they and which one is right for you? - The GitHub Blog
- Application security orchestration with GitHub Advanced Security
- Get started securing your application | GitLab
- DevOps threat matrix | Microsoft Security Blog
- DevOps environment posture management overview - Microsoft Defender for Cloud
- OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation
- OWASP/DevSecOpsGuideline
- OWASP DevSecOps Guidelines - Latest (practical-devsecops.com)
- Integrating Security Into the DevSecOps Toolchain (govtech.com)
- DevSecOps Tools: 9 Ways to Integrate Security Into the SDLC (aquasec.com)
- What is DevSecOps Automation and its 6 Benefits (practical-devsecops.com)
- AppSec Map
- BleepingComputer | Cybersecurity, Technology News and Support
- World’s Biggest Data Breaches & Hacks — Information is Beautiful
- CVE Website
- GitHub Advisory Database
- OWASP Top Ten | OWASP Foundation
- Source Code Analysis Tools | OWASP Foundation
- Vulnerability Scanning Tools | OWASP Foundation
- Best Software Composition Analysis Reviews 2024 | Gartner Peer Insights
- Best Vulnerability Assessment Reviews 2024 | Gartner Peer Insights
- The Complete Guide To Start A Successful DevSecOps Transformation
- 3 phases to start a DevSecOps transformation | Opensource.com
- Microsoft Defender for Cloud DevOps security - the benefits and features - Microsoft Defender for Cloud | Microsoft Learn
- Code security documentation - GitHub Docs
- DevSecOps Tools and Dev Sec Ops Services | Microsoft Azure
- GitHub Advanced Security for Azure DevOps (microsoft.com)
- Security best practices - Azure DevOps | Microsoft Learn
- Application security | GitLab
- OWASP Devsecops Maturity Model | OWASP Foundation
- AppSec is harder than you think. Here’s how AI can help. - The GitHub Blog
- Tackling DevSecOps Adoption Challenges (practical-devsecops.com)
- What is Shift Left Security in DevSecOps (practical-devsecops.com)
- How to “Shift-Left” SAST scans (Semgrep as an example) | by Mohamed AboElKheir | AppSec Untangled
- Behind the Scenes of DAST — How do Security Scanners Work? | by Inon Shkedy | Medium
- DevSecOps and Code Vulnerabilities (cxotoday.com)
- The Fundamentals of DevSecOps in DevOps - GitHub Resources
- Defending CI/CD Environments - The NSA/CISA Way (substack.com)
- CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments | CISA
- CSI_DEFENDING_CI_CD_ENVIRONMENTS.PDF (defense.gov)
- Automate your workflow with GitHub Actions
- Manage GitHub Actions in the enterprise