DevSecOps pipeline for Python based project using Jenkins, Ansible, AWS, and open-source security tools and checks.

Using PyRaider You can scan installed dependencies known security vulnerabilities. It uses publicly known exploits, vulnerabilities database.

Exemplo de workflow de segurança que realiza testes SAST, SCA, Secrets Scan e IaC Scan via GitHub Actions utilizando ferramentas open source.

DevSecOps pipeline for Python based web app using Jenkins, Ansible, AWS, and open-source security tools and checks.

Gitlab CI jobs stdout secrets finder

Hardened, FIPS 140-3 compliant OpenSSL container on Wolfi OS. Features hermetic SLSA L3 builds, Zero-CVE distroless images, and a rigorous automated audit engine (50+ Tests & Benchmarks).

A fully functional DevSecOps Continuous Integration (CI) pipeline using GitHub Actions.

Enterprise-grade DevSecOps CI/CD pipeline — Gitleaks, pip-audit, Bandit, SonarCloud, OWASP ZAP, Trivy, SBOM, 3-environment deploy with manual approval gate

MCP-Chat AI DevSecOps Demo A lightweight conversational AI that plugs into the Model Context Protocol (MCP). Includes automated SAST/DAST in CI/CD so every build flags and fixes container misconfigurations before they hit prod.

Download Historic Reports using Veracode API

This repository is a Challenge for the DevOps Community to get stronger in DevOps. This challenge starts on the 27th January 2024 and in the next 90 Days we promise ourselves to become better at DevOps. The reason for making this Public is so that others can learn from the community and help each other grow.

Enterprise-grade DevSecOps pipeline implementing Shift-Left Security. Automated SAST, SCA, and Container Scanning using GitHub Actions, Semgrep, Trivy, and pip-audit. Built for secure SDLC

🔐 Enforce real CI/CD approval integrity — block self-approvals, detect reassigned approvals, and validate trusted approvers at runtime. Built by NextSecurity for teams scaling secure DevOps.