Skip to content

Latest commit

 

History

History
896 lines (606 loc) · 62.7 KB

awesome-ops.md

File metadata and controls

896 lines (606 loc) · 62.7 KB
Raw

awesome-AIOps

White Paper

Course and Slides

Industry Practice

Article

Tools and Algorithms

Paper

Dataset

Useful WeChat Official Accounts

  • 腾讯织云(腾讯的)
  • 智能运维前沿(清华裴丹团队的)
  • AIOps智能运维(百度的)
  • 华为产品可服务能力(华为的)
  • 知乎专栏:智能运维(AIOps)

运维相关管理系统

以下是收集的一些github上开源的运维管理系统,都各有特色

运维管理系统

  • pythonzm/Ops - 基于centos6+python3.6+django2+ansible2.4+celery4.2 运维管理系统,目前实现功能:用户和用户组管理、资产管理、集成ansible2.4、简易堡垒机(主机分配支持rdp以及vnc、用户分配、文件上传下载、配置禁用命令清单、操作录像回放功能)、CI/CD(支持git仓库和svn仓库)、数据库管理(一部分)、celery任务编排、知识库及文件共享
  • leoiceo/OpenSA - 资产管理、资产采集、灰度发布、反向代理、批量任务、任务编排、计划任务、日志审计、权限管理、角色管理、部门管理、运维自动化 http://opensa.imdst.com
  • liquanzhou/cedardeploy - cedardeploy:发布系统基于python,flask,mysql,git,ssh-key,supervisor.支持多类型,上线,回滚,监控,报警
  • cksgf/ServerManagement - 服务器管理工具,目前有文件管理器、进程监控、计划任务、webSSH、多主机管理等,准备在自己服务器上用,后续会加入更多运维相关,本项目后端python+flask,前端使用layui+jquery,代码在线编辑使用codemirror,webSSH后端使用paramiko前端xterm
  • open-cmdb/cmdb - CMDB 配置管理系统 资产管理系统 http://cmdb.mmtweb.xyz
  • smallmi/omms - OMMS运维监控系统,功能介绍: 资产管理 应用管理 任务执行 权限管理等 http://www.smallmi.com
  • getway/diting - 运维面板,运维导航,统一账号平台,运维统一平台,LDAP管理平台
  • hgz6536/opman-django - 自动化运维平台:CMDB、CI/CD、DevOps、资产管理、任务编排、持续交付、系统监控、运维管理、配置管理
  • voilet/cmdb - cmdb saltstack
  • wylok/opsweb - 运维综合管理平台(python3+flask+pycharts+scheduler+gunicorn),模块化结构设计,底层需要mysql、influxdb、elasticsearch、zabbix、k8s等数据源数据作为支撑。由于依赖数据源相关基础数据,仅限于代码交流学习。别忘了给个star^_^
  • itimor/django-oms - 加强版运维系统,集成工单、发布、监控、管理dns、saltstack
  • py2010/cmdb - django, webssh, websftp, docker 容器管理, web => xshell (从CMDB网页直接跳转到Xshell终端)
  • opendevops-cn/opendevops - CODO是为用户提供企业多混合云、自动化运维、完全开源的云管理平台 http://www.opendevops.cn/
  • dreamans/syncd - syncd是一款开源的代码部署工具,它具有简单、高效、易用等特点,可以提高团队的工作效率. https://rsy.me/syncd
  • YoLoveLife/DevOps - 😃DevOps System - ❤️devEops❤️ - 开发自运维平台 - 运维体系解决方案,适用于多个应用环境的资产组织以及运维脚本的适配运行。
  • welliamcao/VManagePlatform - 一个KVM虚拟化管理平台
  • sohutv/cachecloud - 搜狐视频(sohu tv)Redis私有云平台 http://cachecloud.github.io/
  • meolu/walle-web - walle - 瓦力 Devops开源项目代码部署平台 https://walle-web.io
  • luxiaok/SaltAdmin - 基于SaltStack的自动化运维平台 https://github.com/luxiaok/SaltAdmin
  • guohongze/adminset - 自动化运维平台:CMDB、CD、DevOps、资产管理、任务编排、持续交付、系统监控、运维管理、配置管理
  • cookieY/Yearning - Mysql web端sql审核平台 http://yearning.io/

dns管理工具

跳板机

数据库监控系统

k8s相关

  • Qihoo360/wayne - Wayne 是一个通用的、基于 Web 的 Kubernetes 多集群管理平台。通过可视化 Kubernetes 对象模板编辑的方式,降低业务接入成本, 拥有完整的权限管理系统,适应多租户场景,是一款适合企业级集群使用的发布平台。
  • goodrain/rainbond - Rainbond(云帮)是企业应用的操作系统。 Rainbond支撑企业应用的开发、架构、交付和运维的全流程,通过“无侵入”架构,无缝衔接各类企业应用,底层资源可以对接和管理IaaS、虚拟机和物理服务器。

Awesome Devops

A curated list of resources for DevOps

What is DevOps?

DevOps (a clipped compound of "development" and "operations") is a culture, movement or practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals while automating the process of software delivery and infrastructure changes. Wikipedia

Index

Culture

Process

Project Management

Mapping

  • Wardley Mapping - An introduction to Value Chain Mapping to help understand the "Why" for organisations and Devops Teams.

Automation

Quality

Open Source

Technology

Containers

Operating Systems

Cloud

Microservices

Security

Tools

Containers

  • Docker - The tool that kickstarted the modern container movement
  • rkt - An alternative container runtime and spec by the team at CoreOS

Operating Systems

Cluster Managers

Source Control

  • Git - The most popular distributed version control system.
  • Mercurial
  • Github - Git repo hosting as a Service
  • Gitlab - Self-hosted Git repos

Configuration Management

Continuous Integration & Deployment

Incident Management

Misc

  • Awesome Lists - A list of Awesome lists (very meta!)
  • DevOps Weekly - A weekly mailing list with interesting DevOps related News and Tools
  • DevOpsLinks - A newsletter & team chat with interesting DevOps related News and Tools
  • Sysadvent - One DevOps/Sysadmin related article for each day of December, ending on the 25th article.
  • The Phoenix Project - A Novel about IT, DevOps, and Helping Your Business Win
  • DevOps'ish - A newsletter focused on People, Process, and Tools in the DevOps, Cloud Native, and Open Source spaces.

Awesome DevOps

This is the awesome list with all open source and free applications that you can use in your management.

Table of Contents

Cloud Computing

IaaS (IaaS:基础设施服务,Infrastructure-as-a-service)

Cracow Cloud One (Opensource) The CC1 system provides a complete solution for Private Cloud Computing.

CloudOver (Opensource) CloudOver project is a cloud computing challenge to create simple and scalable open source platform for IaaS cloud environments.

CloudStack (Opensource) Apache CloudStack is open source software designed to deploy and manage large networks of virtual machines, as a highly available, highly scalable Infrastructure as a Service (IaaS) cloud computing platform.

Danube Cloud (Opensource) Datacenter delivered.

Eucalyptus (Opensource) Eucalyptus is open source software for building Amazon Web Services-compatible private and hybrid clouds.

OpenNebula (Opensource) Simple yet Powerful Turnkey Solution to Build Clouds and Manage Data Center Virtualization.

Openstack (Opensource) OpenStack controls large pools of compute, storage, and networking resources throughout a datacenter, managed through a dashboard or via the OpenStack API.

Proxmox VE (Opensource) A complete open source server virtualization management software based on KVM and container-based virtualization and manages virtual machines, Linux containers, storage, virtualized networks, and HA clusters.

Synnefo (Opensource) Synnefo is open source cloud software, used to create massively scalable IaaS clouds.

Wakame (Opensource) Wakame-vdc is an IaaS cloud computing framework. Basically you can set it up and offer server infrastructure "up in the cloud". Users can control Wakame-vdc through a web browser.

ZStack (Opensource) ZStack is open source IaaS software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs.

PaaS (PaaS:平台服务,Platform-as-a-service)

Apache Stratos (Opensource) Highly-extensible PaaS framework that helps run Apache Tomcat, PHP, and MySQL applications and can be extended to support many more environments on all major cloud infrastructures.

Atlantis (Opensource) Atlantis is an Open Source PaaS for HTTP applications built on Docker and written in Go. It makes it easy to build and deploy applications in a safe, repeatable fashion, and flexibly route requests to the appropriate containers.

Cloud Foundry (Opensource) Cloud Foundry provides deep and varied products and services as a platform as a service.

Cloudify (Opensource) Pure-Play Open Source Cloud Orchestration.

Cloudron (Opensource) Effortlessly Self-Host Web Apps. Cloudron is a platform to run apps on your server.

Convox (Opensource) Build, deploy, and manage applications with ease.

Deis (Opensource) Your PaaS. Your Rules. Open Source Application Platform For Public and Private Clouds.

Dokku (Opensource) A docker-powered mini-Heroku PaaS that helps you build and manage the lifecycle of applications. The smallest PaaS implementation you've ever seen.

Flynn (Opensource) Flynn deploys apps, scales apps, and manages databases with best practices right out of the box. Automatically doing all the things that were too complicated, expensive, or time consuming to do manually.

Helion Stackato (Free) HPE’s Cloud Foundry Foundation-certified PaaS solution, and leads efforts to advance open standards, higher quality, and interchangeability among industry vendors.

Kel (Opensource) An open-source, Kubernetes-based PaaS built in Python and Go.

Last.Backend (Opensource) OLast.Backend is an open-source platform, which allows you build a personal cloud on your servers based on kubernetes technology.

Openshift Origin (Opensource) OpenShift 3, build, deploy, and manage your applications with Docker and Kubernetes.

Puffin (Opensource) Lightweight webapp catalog based on containers, with user interface à la mobile app store.

SlipStream (Opensource) SlipStream open source PaaS, App Store and DevOps engine.

Tsuru (Opensource) Tsuru is an extensible and open source Platform as a Service software.

CaaS/FaaS

AMP (Opensource) An open source CaaS for Docker, batteries included.

Apache OpenWhisk (Opensource) A serverless, open source cloud platform that executes functions in response to events at any scale.

ATOMIQ (Opensource) The open source unified CaaS / FaaS platform for Docker, batteries included.

Fission (Opensource) Fission is a framework for serverless functions on Kubernetes.

IronFunctions (Opensource) IronFunctions is an open source serverless computing platform for any cloud - private, public, or hybrid.

OpenFaaS (Opensource) Serverless Functions Made Simple.

OpenLambda (Opensource) An Apache-licensed serverless computing project, written in Go and based on Linux containers.

Continuous Integration and Continuous Deployment

Go to top

Abstruse (Opensource) A Continuous Integration platform requiring zero or minimal configuration to get started, providing safe testing and deployment environment using Docker containers.

Buildbot (Opensource) Buildbot is an open-source framework for automating software build, test, and release processes.

Concourse (Opensource) Concourse is a pipeline-based CI system written in Go.

CruiseControl (Opensource) CruiseControl is both a continuous integration tool and an extensible framework for creating a custom continuous build process.

Deployer (Opensource) Deployment tool for PHP.

Drone (Opensource) Drone is a Continuous Delivery platform built on Docker, written in Go.

Gitlab CI (Opensource) GitLab has integrated CI and CD to test, build and deploy your code.

GO CD (Opensource) Automate and streamline your build-test-release cycle for reliable, continuous delivery of your product.

Integrity (Opensource) Continuous Integration server.

Jenkins (Opensource) Jenkins provides hundreds of plugins to support building, deploying and automating any project.

PHPCI (Opensource) PHPCI is a free and open source continuous integration tool specifically designed for PHP.

Strider (Opensource) Open Source Continuous Integration & Deployment Server.

TeamCity (Free) Powerful Continuous Integration out of the box.

Desktop utilities

Go to top

Windows

AxCrypt (Opensource) AxCrypt is the leading open source file encryption software for Windows. It integrates seamlessly with Windows to compress, encrypt, decrypt, store, send and work with individual files.

CrystalDiskInfo (Opensource) A HDD/SSD utility software which supports S.M.A.R.T. and a part of USB-HDD.

CurrPorts (Free) CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer.

RapidCRC Unicode (Opensource) Windows tool to quickly create and verify hash checksums.

Rufus (Opensource) The Reliable USB Formatting Utility.

Linux

Mac

All (yeah!)

Camunda (Opensource) Camunda is an open source platform for workflow and business process management.

Etcher (Opensource) Burn images to SD cards & USB drives, safe & easy.

Insomnia (Free) A simple, beautiful, and free REST API client.

OWASP ZAP (Opensource) The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

Synergy (Opensource) Synergy combines your desktop devices together in to one cohesive experience. It's software for sharing your mouse and keyboard between multiple computers on your desk. It works on Windows, Mac OS X and Linux.

Firewall, Gateway and appliances

Go to top

BrazilFW (Free) Mini Linux distribution designed to be used as a Firewall and Router that runs easily on older computers.

ClearOS Community (Free) Linux distribuiton designed for use in small and medium enterprises as a network gateway and network server with a web-based administration interface.

Endian (Free) Linux based product designed for home that can transform any unused hardware appliance into a full-featured Unified Threat Management solution and to make security simple and help protect home networks by using the power of Opensource.

IPCop (Free) The IPCop Firewall is a Linux firewall distribution. It is geared towards home and SOHO users. The IPCop web-interface is very user-friendly and makes usage easy.

IPFire (Opensource) The Open Source Firewall Distribution.

NethServer (Opensource) NethServer is an operating system for Linux enthusiasts, designed for small offices and medium enterprises.

OPNsense (Opensource) OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform.

pfSense (Opensource) The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality.

Smoothwall (Free) Free firewall that includes its own security-hardened GNU/Linux operating system and an easy-to-use web interface.

Sophos UTM Home Edition (Free) Sophos UTM is easy to use, thanks to the configurable real-time dashboard, flexible modular licensing, and intuitive reusable network object definitions.

Untangle NG Firewall (Free) NG Firewall manages every aspect of network control from content filtering to web caching, remote access to policy enforcement, all in one simple, drag & drop interface.

VyOS (Opensource) VyOS is a community fork of Vyatta, a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality.

Zentyal Server (Opensource, Forum) The on-premise Mail and Directory server.

Mail

Go to top

Server

hMailServer (Opensource) Opensource mail server for Microsoft Windows.

MTA

Client

N1 (Opensource) An extensible mail client built on the modern web.

Webclient

AfterLogic WebMail Lite (Opensource, Demo) Fast and easy-to-use webmail front-end for your existing IMAP mail server, Plesk or cPanel.

Cypht (Opensource) All your E-mail, from all your accounts, in one place. Cypht is like a news reader, but for E-mail. Cypht does not replace your existing accounts - it combines them into one. And it's also a news reader :).

Mailpile (Opensource) Mailpile is an effort to reclaim private communication on the Internet. A project to rescue our personal lives from the proprietary cloud and prevent our conversations from being strip-mined for corporate profit and government surveillance.

ProtonMail WebClient (Opensource) Official AngularJS Web Client for ProtonMail.

RainLoop (Opensource, Demo) Simple, modern & fast web-based email client.

Roundcube (Opensource, Demo) A browser-based multilingual IMAP client with an application-like user interface.

SquirrelMail (Opensource, Demo) Standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers.

All-in-one

Axigen (Free, Demo) The Axigen Free Mail Server is a great alternative to open source. It is a turnkey messaging solution, perfect for small & micro businesses, integration projects or test environments.

Citadel (Opensource) Easy, versatile, and powerful, thanks to its exclusive "rooms" based architecture.

iRedMail (Opensource) A zero cost, fully fledged, full-featured mail server solution.

Kolab (Opensource) The world's most loved open source collaboration software.

Mailcow (Opensource) Mailserver suite based on Dovecot, Postfix and other open source software, that provides a modern Web UI for administration. In future versions mailcow will provide Cal- and CardDAV support.

Mail-in-a-Box (Opensource) Mail-in-a-Box lets you become your own mail service provider in a few easy steps. It’s sort of like making your own gmail, but one you control from top to bottom.

Modoboa (Opensource, Demo) Mail hosting and management platform including a modern and simplified Web User Interface. It provides useful components such as an administration panel or a webmail.

PEPS (Opensource) Open source Email + File sharing with end-to-end encryption.

Poste (Free, Demo) Complete mail server built in docker.

SOGo (Opensource) Share your calendars, address books and mails in your community with a completely free and open source solution.

Zimbra (Opensource) Zimbra Collaboration Open Source Edition provides administrators and their end users innovative features that solve the challenges faced by organizations using today's legacy communications infrastructure.

Gateway

CipherMail (Free) Centrally managed email encryption at the gateway level and on mobile devices.

Scrollout F1 (Free) An easy to use, already adjusted email gateway (firewall) offering free anti-spam, anti-virus protection in order to secure all existing email servers, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Qmail and more.

MailCleaner (Free) MailCleaner is a full email filtering gateway. It includes a complete GNU/Linux OS and a graphical web interface for user and administrative access.

Xeams (Free) Free email server that can be used by any corporation to handle their enterprise email. It works on any operating system and can handle unlimited number of emails and domains. Xeams can work in 3 modes, Stand alone, Spam firewall or Hybrid mode.

Tools

ViMbAdmin (Opensource) The ViMbAdmin provides a web based virtual mailbox administration system allowing mail administrators to manage domains, mailboxes and aliases.

Version Control System "VCS"

Go to top

VCS

Bazaar (Opensource) Distributed VCS that enables easy collaborative development. One of Bazaar's strengths is its adaptibility to different work flows, centralized, distributed or anything in between.

BitKeeper (Opensource) BitKeeper is a fast, enterprise-ready, distributed SCM that scales up to very large projects and down to tiny ones.

CVS (Opensource) Concurrent Versions System is a version control system, an important component of Source Configuration Management (SCM). Using it, you can record the history of sources files, and documents.

Darcs (Opensource) Free and open source, cross-platform version control system, like git, mercurial or svn but with a very different approach: focus on changes rather than snapshots.

Fossil (Opensource) Simple, high-reliability, distributed software configuration management system with these advanced features, Integrated Bug Tracking, Wiki, and Technotes, Built-in Web Interface, Self-Contained, Autosync and more.

Git (Opensource) Free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.

Mercurial (Opensource) Mercurial is a free, distributed source control management tool. It efficiently handles projects of any size and offers an easy and intuitive interface.

Subversion (Opensource) Open-source, centralized version control system characterized by its reliability as a safe haven for valuable data.

Client

NaughtySVN (Opensource) A Nautilus extension for Subversion.

PagaVCS (Opensource) PagaVCS is a Nautilus, Thunar and mugCommander integrated TortoiseSVN clone, Subversion GUI client for Linux desktop.

RabbitVCS (Opensource) RabbitVCS is a set of graphical tools written to provide simple and straightforward access to the version control systems you use.

TortoiseGit (Opensource) TortoiseGit provides overlay icons showing the file status, a powerful context menu for Git and much more!

TortoiseSVN (Opensource) An Apache SVN client, implemented as a Windows shell extension.

Server

Bonobo Git Server (Opensource) Set up your own self hosted git server on IIS for Windows. Manage users and have full control over your repositories with a nice user friendly graphical interface.

Gitblit (Opensource) Gitblit is an open-source, pure Java stack for managing, viewing, and serving Git repositories.

GitBucket (Opensource, Demo) A Git platform powered by Scala with easy installation, high extensibility & github API compatibility.

Gitea (Opensource) Gitea: Git with a cup of tea.

Gitlab Community (Opensource, Demo) Web-based Git repository manager with wiki and issue tracking features.

Gitolite (Opensource) Gitolite allows you to setup git hosting on a central server, with very fine-grained access control and many (many!) more powerful features.

gitprep (Opensource, Demo) Portable GitHub system into your own server.

Gogs (Opensource, Demo) Gogs (Go Git Service) is a painless self-hosted Git service.

Kallithea (Opensource, Demo) Free Software source code management system that supports two leading version control systems, Mercurial and Git, and has a web interface that is easy to use for users and admins.

Pagure (Opensource, Demo) You can host your project, let your users report issues or request enhancements using the ticketing system and build your community of contributors allowing them to fork your projects and contribute to it via the now-popular pull-request mechanism.

RhodeCode Community (Opensource, Demo) On-premise Source Code Management for Mercurial, Git & Subversion.

SCM Manager (Opensource) The easiest way to share and manage your Git, Mercurial and Subversion repositories over http.

Sourcegraph (Free) Sourcegraph is the smarter code host powering top-tier development teams.

VisualSVN Server (Free) VisualSVN Server makes the Subversion server easy and convenient to install and administer on Windows.

Tools

cgit (Opensource) A hyperfast web frontend for git repositories written in C.

iF.SVNAdmin (Opensource) Web-based GUI to manage Subversion repositories and User/Group permissions (+LDAP support).

Git Cola (Opensource) Git Cola is a sleek and powerful graphical user interface for Git.

GitList (Opensource) An elegant and modern git repository viewer.

GitPHP (Opensource) Web frontend for git repositories. It emulates the look of standard gitweb, but is written in PHP and makes use of Smarty templates for customization..

Git Webui (Opensource) A standalone local web based user interface for git repositories.

Git Web Access (Opensource) Provides an ASP.NET HttpHandler that let you run Smart HTTP Git on IIS.

ViewVC (Opensource) ViewVC is a browser interface for CVS and Subversion version control repositories. It generates templatized HTML to present navigable directory, revision, and change log listings.

WebSVN (Opensource) WebSVN offers a view onto your subversion repositories. You can view the log of any file or directory and see a list of all the files changed, added or deleted in any given revision.

Awesome DevSecOps Awesome

Inspired by the awesome-* trend on GitHub. This is a collection of documents, presentations, videos, training materials, tools, services and general leadership that support the DevSecOps mission. These are the essential building blocks and tidbits that can help you to arrange for a DevSecOps experiment or to help you build out your own DevSecOps program.

This list will not be fully comprehensive and will change as DevSecOps matures. We intend for it to be an awesome list that grows and changes as the community learns and improves how DevSecOps is implemented and adopted. To be included in this list, the information, tools, vendors or initiative must provide for Free or Open Source capabilities that help with the DevSecOps mission. Links that lead to a commercial aspect are noted with a (P).

Table of Contents generated with DocToc

Information

We've been working across the industry to learn more about the different types of DevOps + Security initiatives. This collection has been pulled together and includes: Podcasts, Videos, Presentations, and other Media to help you learn more about DevSecOps, SecDevOps, DevOpsSec, and/or DevOps + Security.

Guidelines

While we're not into the paper-way of doing things, sharing sound advice and good recommendations can make software stronger. We aim to make these guidelines better through code.

Presentations

Many talks are now targeting the change of adding Security into the DevOps environment. We've added some of the most notable ones here.

Initiatives

There are a variety of initiatives underway to migrate security and compliance into DevOps. We've included links for active projects here:

Keeping Informed

We've discovered a treasure trove of mailing lists and newsletters where DevSecOps like us are sharing their skills and insights.

Wardley Maps for Security

One way for people to continue to evolve their capabilities and share common understanding is through the development of Wardley Maps. We're collecting this information and providing some good examples here.

Training

DevSecOps requires an appetite for learning and agility to quickly acquire new skills. We've collected these links to help you learn how to do DevSecOps with us.

Labs

Labs are hands-on learning opportunities to grow your skills in Dev, Sec, and Ops. All skills are useful and need to be grown so that you can have the empathy, knowledge and trade to operate DevSecOps style.

Vulnerable Test Targets

It's important to build up knowledge by learning how to break applications left vulnerable by security mistakes. This section contains a list of vulnerable apps that can be deployed to learn what not to do. These same apps can be made safe by remediating the intentional vulnerabilities to learn how to prevent attackers from gaining access to underlying infrastructure or data.

Conferences

A body of knowledge for combining DevOps and Security has been delivered via conferences and meetups. This is a short list of the venues that have dedicated a portion of their agenda to it.

Podcasts

A small collection of DevOps and Security podcasts.

Books

Books focussed around DevSecOps, bringing the security focus up front.

Tools

This collection of tools are useful in establishing a DevSecOps platform. We have divided the tools into several categories that help with the different divisions of DevSecOps.

Dashboards

Visualization is an important element of identifying, sharing and evolving the security information that passes from the beginning of the creative process through to operations.

Automation

Automation platforms have an advantage of providing for scripted remediation when security defects are surfaced.

Hunting

This list of tools provide the capabilities necessary for finding security anomalies and identifying rules that should be automated and extended to support scale demands.

Testing

Testing is an essential element of a DevSecOps program because it helps to prepare teams for Rugged operations and to determine security defects before they can be exploited.

Alerting

Once you discover something important, response time is critical and essential to the Incident Response required to remediate a security defect. These links include some of the projects that provide for Alerting and Notifications.

Threat Intelligence

There are many sources for Threat Intelligence in the world. Some of these come from IP Intelligence and others from Malware repositories. This category contains tools that are useful in capturing threat intelligence and collating it.

Attack Modeling

DevSecOps requires a common attack modeling capability that can be done at speed and scale. Thankfully there are efforts underway to create these useful taxonomies that help us operationalize attack modeling and defenses.

Secret Management

To support security as code, sensitive credentials and secrets need to be managed, security, maintained and rotated using automation. The projects below provide DevOps teams with some good options for securing sensitive details used in building and deploying full stack software deployments.

Red Team

These are tools that we find helpful during Red Team and War Game exercises. The projects in this section help with reconnaissance, exploit development, and other activities common within the Kill Chain.

Visualization

Making DevSecOps discoveries is already hard enough with all the APIs and Command Line tools. This list provides tools to visualize your work either via flowcharts, graphs or maps.

Sharing

A collection of tools to help with sharing knowledge and telling the story.

ChatOps

One of the greatest changes you can make in your organization is boundaryless communications. Setting up ChatOps can enable everyone to come together and solve problems.