DevSecOps focuses on integrating security practices and principles into the DevOps process. Here are some popular tools used in DevSecOps for different stages of the software development lifecycle:
1. Static Application Security Testing (SAST):
- SonarQube
- Fortify
- Veracode
- Checkmarx
2. Dynamic Application Security Testing (DAST):
- OWASP ZAP (Zed Attack Proxy)
- Burp Suite
- Nessus
- Acunetix
3. Container Security:
- Docker Bench for Security
- Clair
- Anchore
- Twistlock
4. Infrastructure as Code (IaC) Security:
- Open Policy Agent (OPA)
- Terrascan
- CloudFormation Guard
- Checkov
5. Vulnerability Scanning:
- Nessus
- Qualys
- OpenVAS
- Nexpose
6. Continuous Integration/Continuous Delivery (CI/CD) Security:
- Jenkins
- GitLab CI/CD
…
