- Securing DevOps – A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure.
- ansible-os-hardening – Ansible role for OS hardening
- bunkerized-nginx – nginx Docker image secure by default
- Trivy – A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI.
- Preflight – helps you verify scripts and executables to mitigate supply chain attacks in your CI and other systems.
- Teller – a secrets management tool for devops and developers – manage secrets across multiple vaults and keystores from a single place.
- Sonarqube – Static Code Reviewer.