Today, I'm hosting a webinar on "How to Build a DevSecOps Program that Works for Developers AND Security" and hope you’ll tune in – register here. As I prepped for the session, I realized it might be useful to the broader community to offer up the references and tools I’ve collected on my journey to DevSecOps.
So without further ado, here are some of my favorite free, built-in, and open-source tools, as well as great reference material that can help you plan your move to DevSecOps. Check out the DevOps Lifecycle graphic below to see where each of these free tools fits into your process. This is far from a full list, but it’s a good starting point to try within your environment.
OWASP Web Security Testing Guide (WSTG) checklist https://github.com/OWASP/wstg/tree/master/checklist (good for developing manual unit tests)
Mozilla Enterprise Defense Platform https://github.com/mozilla/MozDef