Slides used for an internal lightning talk (LT).
Links in the slides:
Reference: DORA materials
https://dora.dev/capabilities/
https://dora.dev/capabilities/pervasive-security/
Reference: DX Criteria materials
https://dxcriteria.cto-a.org/b28408f9d5bd4c3294d7aa048e0ffdc2
Representative secret scanning tools
- GitLeaks
- https://gitleaks.io/index.html
- GitHub Secret Scanning
- https://docs.github.com/en/code-security/secret-scanning/introduction/about-secret-scanning
- Trivy
- https://aquasecurity.github.io/trivy/v0.27.1/docs/secret/scanning/
Representative SCA tools
- Trivy
- https://trivy.dev/
- Dependabot
- https://docs.github.com/ja/code-security/dependabot/working-with-dependabot
- Snyk Open Source
- https://snyk.io/jp/product/open-source-security-management/
Representative SAST tools
- GitHub Advanced Security
- https://docs.github.com/ja/get-started/learning-about-github/about-github-advanced-security
- Semgrep
- https://semgrep.dev/products/semgrep-code
- Snyk Code
- https://snyk.io/jp/product/snyk-code/
- Trivy
- https://trivy.dev/
Representative DAST tools
- Securify
- https://www.securify.jp/
- GMOサイバーセキュリティ byイエラエ
- https://gmo-cybersecurity.com/