# DevSecOps

## Secure Software Objectives

One simple way to describe the secure software objectives is to build or acquire software that satisies three Rs: Software must be reliable, resilient, and recoverable.&#x20;

● Reliability means that software should function as expected.&#x20;

● Resiliency means that software should withstand misuse and attack.&#x20;

● Recoverability means having the ability for normal business operations restoration with minimal disruption.

## Tools for implementing DevSecOps Automation

### Development

[Git Secrets](https://github.com/awslabs/git-secrets) - Prevents you from committing secrets and credentials into git repositories

Security plugins (Snyk, Fortify, Veracode) in any IDE ([VSCode](https://marketplace.visualstudio.com/VSCode), [IntelliJ](https://www.jetbrains.com/idea/))

[Trufflehog](https://github.com/trufflesecurity/trufflehog) - Find and verify credentials

### Security (Application Security Testing)

Code Quality - SonarQube, CodeQL

SAST Security (Static) - Veracode, Chackmarx, Fortify

Software Composition Analysis (SCA) Security - Fortify, Veracode, Blackduck, Snyk

DAST (Dynamic) Security - OWASP ZAP, BurpSuite, WebInspect, Veracode DAST, Acunetix

Infrastructure as Code (IaC) Security - Bridgecrew, Snyk

Container Security - AQUA, Qualys, Prisma Cloud

### Operations

Pipeline Building - Jenkins, Azure DevOps, GCP CludBuild, AWS, GitHub Actions, GitLab

Cloud Security Posture Management - AQUA, BridgeCrew

Container Registry Scanning - AQUA, AWS Native Registry

Infrastructure Scanning Tools - Chief Inspec (Compliance), Nessus

Cloud Security - Azure Defense, AWS Security Hub, Prowler (AWS)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://martian1337.gitbook.io/notes/notes/product-security-engineering/devsecops.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.