DevSecOps and Securing CI/CD Pipelines
1. Foundations of DevSecOps
2. Understanding CI/CD Pipelines
3. Securing the Pre-Commit and Source Code Stage
4. Securing the Build Stage
5. Securing the Test Stage
6. Securing the Deployment Stage
7. Security in Operations and Post-Deployment
8. DevSecOps Tools and Technologies
9. Culture, Governance, and Organizational Change
Securing the Pre-Commit and Source Code Stage
Threat Modeling Integration
Threat Modeling Fundamentals
Purpose and Benefits
Integration Points in SDLC
Stakeholder Involvement
Threat Modeling Methodologies
STRIDE Framework
Spoofing Identity
Tampering with Data
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
DREAD Assessment Model
Damage Potential
Reproducibility
Exploitability
Affected Users
Discoverability
PASTA Methodology
Process for Attack Simulation and Threat Analysis
Seven-Stage PASTA Process
OCTAVE Method
TRIKE Framework
Threat Modeling Tools and Automation
Microsoft Threat Modeling Tool
OWASP Threat Dragon
Automated Threat Model Generation
Secure Coding Practices
Secure Coding Standards
OWASP Secure Coding Practices
Language-Specific Security Guidelines
Java Security Best Practices
Python Security Guidelines
JavaScript Security Practices
C/C++ Security Standards
.NET Security Guidelines
Industry Security Standards
CERT Secure Coding Standards
SANS Secure Coding Practices
Code Review Security Integration
Security-Focused Code Review
Peer Review Best Practices
Security Review Checklists
Automated Code Review Tools
Input Validation and Output Encoding
Input Validation Techniques
Output Encoding Strategies
Cross-Site Scripting Prevention
SQL Injection Prevention
Pre-Commit Security Controls
Pre-Commit Hook Implementation
Git Hook Configuration
Automated Security Checks
Developer Workflow Integration
Secret Detection and Prevention
Hardcoded Secret Detection
Secret Scanning Tools
GitLeaks
TruffleHog
detect-secrets
Secret Prevention Strategies
Code Quality and Security Linting
Static Analysis Integration
Security-Focused Linters
Code Formatting and Standards
Dependency Security Scanning
Vulnerable Dependency Detection
License Compliance Checking
Dependency Update Management
Source Code Repository Security
Repository Access Control
Authentication Mechanisms
Authorization Models
Role-Based Access Control
Principle of Least Privilege
Branch Protection and Policies
Branch Protection Rules
Required Status Checks
Pull Request Requirements
Merge Restrictions
Commit Security and Integrity
Commit Signing with GPG/PGP
Commit Verification
Commit Message Standards
Repository Security Monitoring
Access Logging and Auditing
Suspicious Activity Detection
Security Event Alerting