A curated, modular knowledge base for building and scaling secure DevOps (a.k.a. DevSecOps) pipelines.
This repository brings together tools, best practices, checklists, and resources to help you "shift security left" — making it a core part of your SDLC.
- Pre-Commit Tools
- Secrets Management
- SAST Tools
- DAST Tools
- Dependency & SBOM Management
- Supply Chain Security
- CI/CD Security
- Containers & Image Scanning
- Kubernetes Security
- Multi-Cloud & Cloud Provider Security
- Infrastructure as Code Security
- Policy as Code
- Chaos Engineering
- Orchestration and Automation
- Monitoring
DevSecOps isn't a tool — it's a mindset and cultural shift. It empowers teams to take ownership of security from the first line of code to deployment, monitoring, and beyond.
By breaking this repository into modular files under the `content/` directory, we aim to make the resource:
- Scalable as the ecosystem grows
- Maintainable by contributors
- Navigable for learners and professionals alike
Want to add a tool, update a broken link, or fix a typo?
Just submit an issue or a pull request — all contributions are welcome!