Publish Date: Jun 13, 2024

DevSecOps – Process

Threat Modeling Tools: OWASP Threat Dragon, ThreatModeler, Threatspec, Raindance, PyTM, MAL, Threagile, SD Elements, Tutamen Threat Model Automator, Yakindu Security Analyst, Threat Playbook, DREAD, IriusRisk
Pre-Commit Hooks: Git Secrets, pre-commit, DetectSecrets, Git Hound, Truffle Hog
Software Composition Analysis: Rubysec, Retire.js, Requires.io, Repo-Supervisor, Veracode
Static Analysis Security Testing: Bandit, Brakeman, Codesake Dawn, FindBugs, PMD, Graudit, RIPS, Puma Scan, Reshift, INSIDER CLI, Spectralops, Klocwork, HCL AppScan, Fortify, Coverity, .NET Security Guard, CodeWarrior, Veracode
IDE Plug-ins: DevSkim, JFrog Eclipse, Snyk, CAT.NET, SpotBugs, FindBugs, FindSecBugs
Secrets Management: Hashicorp Torus, Keywhiz, EnvKey, Confidant, Doppler, Berglas
Dynamic Application Security Testing (DAST): Arachni Scanner, Nikto, Acunetix, Fortify, WebInspect, Veracode Dynamic Analysis, w3af, Wapiti, Sentinel Dynamic, Rapid7, Misterscanner, HCL AppScan, GitLab Ultimate
Compliance as Code: InSpec, Serverspec, DevSec Hardening Framework, Kitchen CI, Docker Bench for Security
Web Application Firewall: ModSecurity WAF, NAXSI, WebKnight, Shadow Daemon, Imperva WAF
Security in Infrastructure as Code: Clair, Anchore Engine, Dagda, OpenSCAP, Dockscan, Snyk IaC Security, Infrastructure VAS, CloudSploit, Accurics, Checkov, TFLint
Vulnerability Management: ArcherySec, Defect Dojo, JackHammer, ThreadFix, Qualys, Flexera, Rapid7 InsightVM, Falcon Spotlight, Vulnerability Manager Plus, IP360, Kenna Security, F-Secure Elements VM, GFI LanGuard, Greenbone’s VM, beSECURE
Container Scanning Tools: Anchore, Snyk, Lacework, StackRox, Docker Hub, Aqua Security, Falco
RASP (Runtime Application Self-Protection): Fortify, Imperva, Signal Sciences, Jscrambler, Hdiv, Contrast Security, Appsealing, K2 Security Platform

NOTE: The information is provided on an “as is” basis, without assurance of any kind.

Revision history

  1. 13-Sept-24 – first advisory released; first list released
  2. 30-Sept-24 – Container scanning tool added
  3. 01-Oct-24 – RASP tool list added
  4. 15-Jan-25 – process updated
