devsecops-engine-tools
by bancolombia
DevSecOps Engine Tools is a comprehensive toolchain for evaluating DevSecOps practices across various platforms.
Toolchain for the evaluation of different devsecops practices
Primary Use Case
This tool is designed for DevSecOps professionals who need to assess and enhance security practices in their DevOps pipelines. It supports a wide range of platforms and integrates with both open-source and commercial tools to provide a unified security evaluation framework.
- Infrastructure as Code Security
- Vulnerability Scanners
- Secrets Management
- Platform Agnostic
- Integration with Open Source and Market Tools
Installation
- Ensure Python >= 3.8 is installed
- Run the command: pip3 install devsecops-engine-tools
Usage
devsecops-engine-tools --platform_devops ["local","azure","github"]
    Specifies the DevOps platform to use for the evaluation.
--module ["engine_iac", "engine_dast", "engine_secret", "engine_dependencies", "engine_container", "engine_risk", "engine_code"]
    Selects the specific DevSecOps module to run.
--tool ["nuclei", "bearer", "checkov", "kics", "kubescape", "trufflehog", "gitleaks", "prisma", "trivy", "xray", "dependency_check"]
    Chooses the tool to use within the selected module.
- Repurposing: Use the tool's secrets management capabilities to audit and secure API keys and credentials across legacy systems, ensuring they comply with modern security standards.
- Chaining: Combine this tool with a SIEM solution to automatically trigger alerts and remediation workflows when vulnerabilities or misconfigurations are detected in DevOps pipelines.
- Evasion/Detection: Attackers might attempt to bypass this tool by using obfuscation techniques or exploiting zero-day vulnerabilities. Implementing anomaly detection on logs generated by the tool can help identify such attempts.
- Data Fusion: Correlate the output of this tool with threat intelligence feeds to prioritize vulnerabilities based on active threat actor campaigns targeting similar technologies.
- Automation: Integrate the tool with CI/CD pipelines to automatically halt deployments if critical vulnerabilities are detected, ensuring that only secure code is promoted to production.
Related Tools

earthly
earthly/earthly
Super simple build framework with fast, repeatable builds and an instantly familiar syntax – like Dockerfile and Makefile had a baby.

pull
wei/pull
🤖 Keep your forks up-to-date via automated PRs

jx
jenkins-x/jx
Jenkins X provides automated CI+CD for Kubernetes with Preview Environments on Pull Requests using Cloud Native pipelines from Tekton

zizmor
zizmorcore/zizmor
Static analysis for GitHub Actions

garden
garden-io/garden
Automation for Kubernetes development and testing. Spin up production-like environments for development, testing, and CI on demand. Use the same configuration and workflows at every step of the process. Speed up your builds and test runs via shared result caching

okteto
okteto/okteto
Develop your applications directly in your Kubernetes Cluster
