33 lines
1.3 KiB
Markdown
33 lines
1.3 KiB
Markdown
## DevSecOps
|
|
|
|
1. (DevSec Hardening Framework](https://dev-sec.io/): Automatic Server
|
|
hardening
|
|
2. [Chef Inspec](https://community.chef.io/tools/chef-inspec)(Apacha 2.0 and proprietary): Infrastructure-as-Code to auto-configure VMs and apps running in it to meet compliance.
|
|
|
|
The binary installation(the one you get when you follow installation
|
|
instructions) requires accepting EULA, so essentially proprietary? Please see [here](https://github.com/inspec/inspec/issues/5109) for
|
|
the issue discussing the EULA and [here](https://saf.mitre.org/#/faq#5) for building Apache 2.0
|
|
compliant binary.
|
|
|
|
Also, there's the [CINC is not CHef (CINC)](https://cinc.sh/)
|
|
project that distributes fully FOSS([Apache2.0 and free of EULAs](https://cinc.sh/goals/)) Chef software.
|
|
|
|
3. [MITRE Security Automation Framework
|
|
(SAF)](https://saf.mitre.org/#/): framework of tools, techniques,
|
|
libraries developed by MITRE and security community
|
|
4. [MITRE 2020 DevSecOps Best Practices
|
|
Guide](https://saf.mitre.org/DevSecOps_Best_Practices_Guide_01262020.pdf)
|
|
|
|
## Linux
|
|
|
|
### Security
|
|
|
|
1. [Hardening Guide](https://github.com/trimstray/the-practical-linux-hardening-guide)
|
|
|
|
## K8s
|
|
|
|
1. [NSA K8s Hardening Guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF))))
|
|
|
|
## Notes
|
|
|
|
### Chef
|