No description
Find a file
2022-10-07 22:28:05 +05:30
sandbox/serverspec/getting-started feat: try serverspec 2022-10-06 16:11:49 +05:30
LICENSE.md feat: add license 2022-10-07 22:28:05 +05:30
README.md feat: add top 25 most dangerous weaknesses 2022-10-06 16:58:12 +05:30

DevSecOps

  1. (DevSec Hardening Framework](https://dev-sec.io/): Automatic Server hardening

  2. Chef Inspec(Apacha 2.0 and proprietary): Infrastructure-as-Code to auto-configure VMs and apps running in it to meet compliance.

    The binary installation(the one you get when you follow installation instructions) requires accepting EULA, so essentially proprietary? Please see here for the issue discussing the EULA and here for building Apache 2.0 compliant binary.

    Also, there's the CINC is not CHef (CINC) project that distributes fully FOSS(Apache2.0 and free of EULAs) Chef software.

  3. MITRE Security Automation Framework (SAF): framework of tools, techniques, libraries developed by MITRE and security community

  4. MITRE 2020 DevSecOps Best Practices Guide

Linux

Security

  1. Hardening Guide

K8s

  1. NSA K8s Hardening Guide)))

Programming

  1. CWE 2022: Top 25 Most Dangerous Software Weakness

Notes

Chef