Discover five essential open source security tools that every developer should integrate into their CI/CD pipeline. Learn about Bandit or semgrep for static application security testing (SAST), Gitleaks for detecting hard-coded or insufficiently secured secrets, OSV-Scanner for dependency checks (SCA), KICS for infrastructure as code (IaC) security, and OWASP's ZAP for API and dynamic application security testing (DAST). Explore how to implement custom controls to enforce multi-factor authentication via Github Security. Through code examples and demonstrations, gain insights into creating a foundational security framework that allows for continuous iteration and evolution of your security maturity. Understand how these tools can help secure your applications from the initial stages of development through to advanced layers of security as your deployments, stacks, and security posture evolve over time.
5 Open Source Security Tools All Developers Should Know About
Overview
Syllabus
5 Open Source Security Tools All Developers Should Know Aboutwith Aviram Shmueli
Taught by
DevSecCon
Related Courses
-
DevSecOps using GitHub Actions: Secure CICD with GitHub
-
DevSecOps: Adding Security Testing Tools to Pipelines
-
Application Security for Developers and DevOps Professionals
-
5 Open Source Security Tools All Developers Should Know About
-
DevSecOps: Connecting Developers, Security, and Operations
-
Trivy: The All-in-One Open Source Security Scanner
