cloudsecurityalliance / wg-DevSecOps

DevSecOps Working Group

☆12

Related projects: ⓘ

f5devcentral / terraform-aws-f5-sca
The Secure Cloud Architecture (SCA) is a location & cloud agnostic flexible and repeatable conceptual deployment pattern that can adapt f…
☆15Updated 4 years ago
chughes29 / state-of-cloud-security
A collection of 2020 artifacts describing the major pain points, vulnerabilities and concerns with Cloud Security.
☆19Updated 3 years ago
chughes29 / DoD-Federal-Government-Cloud-Computing-Resources
A collection of DoD and Federal Government Cloud Computing Resources
☆47Updated 3 years ago
PaloAltoNetworks / Prisma-Cloud-DevOps-Security
☆12Updated 3 years ago
ComplianceAsCode / ComplianceAsCode.github.io
A ComplianceAsCode blog
☆25Updated this week
ayeks / devsecops-reference-architectures
A collection of DevSecOps reference architectures
☆62Updated 3 years ago
appsecpipeline / AppSecPipeline-Specification
AppSecPipeline Specification for DevOps automation.
☆38Updated last year
controlplaneio / threat-modelling-labs
Labs for Threat Modelling training delivered by ControlPlane
☆28Updated 4 months ago
stelligent / aws-devsecops-workshop
A continuous security pipeline demo for the AWS DevSecOps Workshop.
☆45Updated 4 years ago
mitre / heimdall_tools
DEPRECATED: A set of utilities for converting and working with compliance data for viewing in the heimdall applications
☆35Updated 2 years ago
aaronlippold / xccdf2inspec
***MERGED: SEE README:*** The XCCDF to InSpec parser scans and extracts the controls defined in the DISA XCCDF STIG XML documents and con…
☆11Updated 5 years ago
DevSlop / pixi-crs
CI Pipeline with Pixi, the WAF OWASP Core Rule Set and TestCafe tests.
☆15Updated 3 years ago
tenchi-security / camp
CloudSplaining on AWS Managed Policies
☆41Updated this week
OpenSecuritySummit / project-ASVS-User-Stories
☆18Updated 2 years ago
mitre / cis-aws-foundations-hardening
(WIP) A terraform / kitchen-terraform hardening baseline for the cis-aws-foundations-baseline
☆24Updated 2 years ago
bridgecrewio / kustomizegoat
Vulnerable Kustomize Kubernetes templates for training and education
☆47Updated 2 years ago
ComplianceAsCode / auditree-framework
The Auditree framework tool to run compliance control checks as unit tests.
☆59Updated last month
risk-redux / control_freak
NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
☆34Updated last month
shehackspurple / TTT-Pushing-Left
This repository will teach you have to do my talk "Pushing Left, Like a Boss".
☆69Updated 2 years ago
CISecurity / CISControls_OSCAL
A repository containing OSCAL serializations of the CIS Critical Security Controls
☆48Updated last year
mitre / inspec_tools
A command-line and ruby API of utilities, converters and tools for creating, converting and processing security baseline formats, results…
☆91Updated last month
madhuakula / security-automation-with-ansible-2
Ansible Playbooks for Security Automation with Ansible2 book
☆96Updated 6 years ago
GoComply / fedramp
Open source tool for processing OSCAL based FedRAMP SSPs
☆36Updated 4 months ago
OWASP / www-project-devsecops-maturity-model
OWASP Foundation Web Respository
☆52Updated last year
dome9 / onboarding-scripts
A public repository with scripts and tools for mass / automated onboarding of cloud accounts (AWS,Azure,GCP)
☆23Updated 3 years ago
Threat-Modeling-Manifesto / threat-modeling-manifesto
Threat Modeling Manifesto
☆24Updated 2 months ago
GSA / security-benchmarks
GSA Security Benchmarks and Tools
☆21Updated 5 years ago
opencontrol / fedramp-templater
EXPERIMENTAL: a template builder for FedRAMP System Security Plans
☆36Updated 4 years ago
GovReady / compliancelib-python
Machine readable cybersecurity compliance standards library for Python, starting with FISMA and NIST Risk Management Framework
☆57Updated 4 years ago
OWASP / www-project-vulnerability-management-guide
OWASP Foundation Web Respository
☆26Updated last year