We are getting close to the end of the year and Christmas (the best time of the year!), which also means budgeting for some of us.
If you happen to watch any news or visit a nearby grocery store, you know the economy is not going well, and no surprise it is also affecting our cybersecurity budgets.
So that's why I wanted to research the topic and share my findings about devsecops tools.
CandyShop DevSecOps is a database of vulnerability scanning tool results. It is available to cybersecurity professionals only. (closed beta)
Test Beds: OWASP JuiceShop, Broken Crystals, Altoro Mutual
Scanning Tools: semgrep, CodeQL, nodejsscan, Nuclei, OWASP ZAP, Dependabot, Dependency Check, Trivy, Grype
Most AppSec teams are not yet aware of it; some plan to take action this year, and some have tried to develop it internally, but what is the ASOC tool?
ProjectDiscovery.io is one of the fastest growing open source initiatives going viral in #devsecops, accelerating the path to a more secure world🦾.