♾️ Collection of DevSecOps Notes + Resources + Courses + Tools
Updated Jan 20, 2025 - Python
🚀 DevSecOps intro elective — 10 hands-on labs + 2 bonus hardening OWASP Juice Shop: threat modeling (STRIDE/Threagile), signed commits & secret scanning, SBOM/SCA, SAST + DAST, IaC security (Checkov/KICS), container & supply-chain hardening (Trivy, Cosign), runtime detection with Falco, and DefectDojo vuln management.
Deprecated; please use fcli instead
The intention of the workshop is to show and guide development, security and DevOps teams (among others) who want to get started in DevSecOps, secure their applications, or learn a bit more about secure development. To this end, we will be sharing some tips and information we have learned for building a DevSecOps Pipeline …
An experimental ModelContextProtocol server connecting LLMs to DefectDojo for AI-powered security workflows. Enables natural language interaction with vulnerability data, simplifies security analysis, and automates reporting through a lightweight middleware integration.
This repo contains an OWASP DefectDojo API Client based on Java.
Export the security debt of an application from DefectDojo
🚀 Production-ready GitOps template for AWS with built-in security scanning, policy enforcement, and multi-region deployment automation. Deploy secure infrastructure across 3 AWS regions with zero-touch GitOps workflow.
Docker Compose files with best practices for bind mounts, env...
🛡️ A Python script that exports vulnerabilities from Wazuh (Elasticsearch) and imports them into DefectDojo via the Generic Findings Import API. Supports automated rescanning and can be run as a cron job.
A collection of custom parsers for DefectDojo, the leading open-source vulnerability management platform. These parsers extend DefectDojo's scanning capabilities with enhanced support for popular security tools.
This Action is mainly intended for pushing multiple report files to DefectDojo.
CLI wrapper for DefectDojo APIv2 (beta)
Cosca (Combo Scanner) is an Application Security automation tool that invokes third-party scanners and processes outputs in a one-liner command.
ReconVerse: Automated CMS-based web application vulnerability assessment pipeline using Common Crawl, WhatWeb, and various scanners, with results visualized in DefectDojo.