> For the complete documentation index, see [llms.txt](https://martian1337.gitbook.io/notes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://martian1337.gitbook.io/notes/notes/product-security-engineering/devsecops.md). # DevSecOps ## Secure Software Objectives One simple way to describe the secure software objectives is to build or acquire software that satisŒies three Rs: Software must be reliable, resilient, and recoverable. ● Reliability means that software should function as expected. ● Resiliency means that software should withstand misuse and attack. ● Recoverability means having the ability for normal business operations restoration with minimal disruption. ## Tools for implementing DevSecOps Automation ### Development [Git Secrets](https://github.com/awslabs/git-secrets) - Prevents you from committing secrets and credentials into git repositories Security plugins (Snyk, Fortify, Veracode) in any IDE ([VSCode](https://marketplace.visualstudio.com/VSCode), [IntelliJ](https://www.jetbrains.com/idea/)) [Trufflehog](https://github.com/trufflesecurity/trufflehog) - Find and verify credentials ### Security (Application Security Testing) Code Quality - SonarQube, CodeQL SAST Security (Static) - Veracode, Chackmarx, Fortify Software Composition Analysis (SCA) Security - Fortify, Veracode, Blackduck, Snyk DAST (Dynamic) Security - OWASP ZAP, BurpSuite, WebInspect, Veracode DAST, Acunetix Infrastructure as Code (IaC) Security - Bridgecrew, Snyk Container Security - AQUA, Qualys, Prisma Cloud ### Operations Pipeline Building - Jenkins, Azure DevOps, GCP CludBuild, AWS, GitHub Actions, GitLab Cloud Security Posture Management - AQUA, BridgeCrew Container Registry Scanning - AQUA, AWS Native Registry Infrastructure Scanning Tools - Chief Inspec (Compliance), Nessus Cloud Security - Azure Defense, AWS Security Hub, Prowler (AWS) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://martian1337.gitbook.io/notes/notes/product-security-engineering/devsecops.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.