realaravinth
/
notes
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
5 Commits 1 Branch 0 Tags 81 KiB
HCL 58.5%
Python 23.5%
Ruby 12.5%
Shell 2.5%
Makefile 1.8%
Other 1.2%
Go to file
Aravinth Manivannan 8e40bd2af8
feat: add license 		2022-10-07 22:28:05 +05:30
sandbox/serverspec/getting-started feat: try serverspec 2022-10-06 16:11:49 +05:30
LICENSE.md feat: add license 2022-10-07 22:28:05 +05:30
README.md feat: add top 25 most dangerous weaknesses 2022-10-06 16:58:12 +05:30

README.md

DevSecOps

  1. (DevSec Hardening Framework](https://dev-sec.io/): Automatic Server hardening

  2. Chef Inspec(Apacha 2.0 and proprietary): Infrastructure-as-Code to auto-configure VMs and apps running in it to meet compliance.

    The binary installation(the one you get when you follow installation instructions) requires accepting EULA, so essentially proprietary? Please see here for the issue discussing the EULA and here for building Apache 2.0 compliant binary.

    Also, there's the CINC is not CHef (CINC) project that distributes fully FOSS(Apache2.0 and free of EULAs) Chef software.

  3. MITRE Security Automation Framework (SAF): framework of tools, techniques, libraries developed by MITRE and security community

  4. MITRE 2020 DevSecOps Best Practices Guide

Linux

Security

  1. Hardening Guide

K8s

  1. NSA K8s Hardening Guide)))

Programming

  1. CWE 2022: Top 25 Most Dangerous Software Weakness

Notes

Chef