Category of Conventional Dev-Sec-Ops Tools
Publish Date:Jun 13, 2024
Author:
| Threat Modeling Tools | OWASP Threat Dragon, ThreatMode/er, Threatspec, Raindance, PyTM. MAL, Threagile. SO elements. Tutamen Threat Model Automator. Yakindu Security Analyst. Threat Playbook, DREAD |
| Pre-Commit Hooks | Git Secrets, pre Commit, DetectSecrets, Git Hound. Truffle Hog |
| Software Cornposition Analysis | Rubysec, Retire IS, Requires.O, Repo-SupervSOr |
| Static Analysis Security Testing | Bandit, Brakeman, Codesake Dawn, Findbugs, PMD, Graudit, RIPS. Puma Scan, Reshift, INSIDER CLI, Spectralops, Klocwork, HCL Appscan, Fortify, Coverity, .NET Security Guard, CodeWarrior |
| IDE Plug-ins | DevSkim, JFrog Eclipse. Snyk, CAT.net. Spotb%:s. Findbugs, FindSecBugs |
| Secrets Management | Hashicorp Torus, Keywhiz, EnvKey, Confidant, Doppler, Berglas |
| Dynamic Application Security Testing (OAST) | Arachni Scanner, Nikto. Acunetid, Fortify, Weblnspect, Veracode Dynamic Analysis, w.3af, Wapiti. entnel Dynamic. Rapid7. Misterscanner, ACL Appear', GitLab Ultimate |
| Compiance as Code | inspec, Serverspec, DevSec Hardening Framework, Kitchen O, Docker Bench for Security |
| Web Application Firewall | ModSecurity WAF, NAXSI, WebKnight, Shadow Daernon, Imperva WAF |
| Security in Infrastructure as Code | Clair. Anchore Engine, Dada. Open-sap, Dockscan, Snyk Iac •curity, Infrastructure VAS, CloudSpIOit, Accurics, Checkov, TFLint |
| Vulnerability Management | ArchervSec, Defect Dojo, JackHammer, ThreadFix, Qua/ys. Flexera, Rapid7 InsightVM. Falcon Spotlight, Vulnerability Manager Plus. IP360, Kenna Security. F•9cure Elements VM, GFI Languard, Greenbone's VM, beSECURE |
NOTE:The Information provided is on "as is" basis, without assurance of any kind. |