{"id":36384,"date":"2023-07-10T09:45:26","date_gmt":"2023-07-10T09:45:26","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=36384"},"modified":"2023-07-10T09:45:28","modified_gmt":"2023-07-10T09:45:28","slug":"complete-list-of-top-devsecops-tools","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/complete-list-of-top-devsecops-tools\/","title":{"rendered":"Complete List of Top DevSecOps Tools"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Vulnerability Scanning tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Nessus,<\/li>\n\n\n\n<li>OpenVAS,<\/li>\n\n\n\n<li>Qualys,<\/li>\n\n\n\n<li>Rapid7,<\/li>\n\n\n\n<li>Tenable,<\/li>\n\n\n\n<li>Netsparker.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Application Security tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>OWASP ZAP,<\/li>\n\n\n\n<li>Burp Suite,<\/li>\n\n\n\n<li>Qualys WAS,<\/li>\n\n\n\n<li>IBM AppScan,<\/li>\n\n\n\n<li>Checkmarx,<\/li>\n\n\n\n<li>SonarQube.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Testing tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Metasploit,<\/li>\n\n\n\n<li>Nmap,<\/li>\n\n\n\n<li>Kali Linux,<\/li>\n\n\n\n<li>Wireshark,<\/li>\n\n\n\n<li>Nikto,<\/li>\n\n\n\n<li>Hydra.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Intelligence tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AlienVault,<\/li>\n\n\n\n<li>Anomali,<\/li>\n\n\n\n<li>Recorded Future,<\/li>\n\n\n\n<li>ThreatConnect,<\/li>\n\n\n\n<li>ThreatQuotient,<\/li>\n\n\n\n<li>FireEye.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Information and Event Management (SIEM) tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Splunk,<\/li>\n\n\n\n<li>ELK Stack,<\/li>\n\n\n\n<li>QRadar,<\/li>\n\n\n\n<li>LogRhythm,<\/li>\n\n\n\n<li>Graylog,<\/li>\n\n\n\n<li>ArcSight.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Cloud Security tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dome9,<\/li>\n\n\n\n<li>CloudPassage,<\/li>\n\n\n\n<li>Azure Security Center,<\/li>\n\n\n\n<li>AWS Security Hub,<\/li>\n\n\n\n<li>CloudCheckr, CloudTrail.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Container Security tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Anchore,<\/li>\n\n\n\n<li>Aqua Security,<\/li>\n\n\n\n<li>Sysdig,<\/li>\n\n\n\n<li>Twistlock,<\/li>\n\n\n\n<li>NeuVector,<\/li>\n\n\n\n<li>Prisma Cloud.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Access Control tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Okta,<\/li>\n\n\n\n<li>Duo,<\/li>\n\n\n\n<li>Ping<\/li>\n\n\n\n<li>Identity,<\/li>\n\n\n\n<li>OneLogin,<\/li>\n\n\n\n<li>Microsoft Identity Manager,<\/li>\n\n\n\n<li>RSA SecurID.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Encryption and Key Management tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HashiCorp Vault,<\/li>\n\n\n\n<li>Venafi,<\/li>\n\n\n\n<li>Keyfactor,<\/li>\n\n\n\n<li>Thales eSecurity,<\/li>\n\n\n\n<li>nCipher, Gemalto.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Compliance Management tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chef Compliance,<\/li>\n\n\n\n<li>AWS Config,<\/li>\n\n\n\n<li>Puppet,<\/li>\n\n\n\n<li>Ansible,<\/li>\n\n\n\n<li>HashiCorp Sentinel,<\/li>\n\n\n\n<li>Sysdig Secure.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Automation and Orchestration tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Demisto,<\/li>\n\n\n\n<li>Phantom,<\/li>\n\n\n\n<li>Swimlane,<\/li>\n\n\n\n<li>SecOps Response,<\/li>\n\n\n\n<li>CyberSponse,<\/li>\n\n\n\n<li>FireEye Helix.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Identity and Access Management (IAM) tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Azure Active Directory,<\/li>\n\n\n\n<li>AWS IAM,<\/li>\n\n\n\n<li>ForgeRock,<\/li>\n\n\n\n<li>SailPoint,<\/li>\n\n\n\n<li>CyberArk,<\/li>\n\n\n\n<li>IBM Security Identity and Access Manager.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Analytics tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>IBM QRadar,<\/li>\n\n\n\n<li>LogRhythm,<\/li>\n\n\n\n<li>Splunk,<\/li>\n\n\n\n<li>Elastic Security,<\/li>\n\n\n\n<li>Exabeam,<\/li>\n\n\n\n<li>Securonix.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Incident Response tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Carbon Black,<\/li>\n\n\n\n<li>FireEye,<\/li>\n\n\n\n<li>CrowdStrike,<\/li>\n\n\n\n<li>Cybereason,<\/li>\n\n\n\n<li>Symantec Endpoint Protection,<\/li>\n\n\n\n<li>McAfee Endpoint Security.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">DevOps Security Integration tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Jenkins,<\/li>\n\n\n\n<li>GitLab,<\/li>\n\n\n\n<li>CircleCI,<\/li>\n\n\n\n<li>Travis CI,<\/li>\n\n\n\n<li>GitHub,<\/li>\n\n\n\n<li>Bamboo.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Data Security tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Varonis,<\/li>\n\n\n\n<li>IBM Guardium,<\/li>\n\n\n\n<li>Informatica,<\/li>\n\n\n\n<li>Symantec Data Loss Prevention,<\/li>\n\n\n\n<li>Voltage SecureData,<\/li>\n\n\n\n<li>Digital Guardian.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Configuration Management tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ansible,<\/li>\n\n\n\n<li>Chef,<\/li>\n\n\n\n<li>Puppet,<\/li>\n\n\n\n<li>SaltStack,<\/li>\n\n\n\n<li>AWS Config,<\/li>\n\n\n\n<li>HashiCorp Terraform.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Continuous Security Testing tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Veracode,<\/li>\n\n\n\n<li>Micro Focus Fortify,<\/li>\n\n\n\n<li>Checkmarx,<\/li>\n\n\n\n<li>Qualys WAS,<\/li>\n\n\n\n<li>Contrast Security,<\/li>\n\n\n\n<li>WhiteHat Security.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Threat Modeling tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft Threat Modeling Tool,<\/li>\n\n\n\n<li>IriusRisk,<\/li>\n\n\n\n<li>ThreatModeler,<\/li>\n\n\n\n<li>Synopsys Software Integrity Platform,<\/li>\n\n\n\n<li>Secure Code Warrior.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Awareness and Training tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>KnowBe4,<\/li>\n\n\n\n<li>SANS Security Awareness,<\/li>\n\n\n\n<li>Infosec,<\/li>\n\n\n\n<li>Security Mentor,<\/li>\n\n\n\n<li>Mimecast,<\/li>\n\n\n\n<li>Inspired eLearning.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Compliance Automation tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chef Compliance,<\/li>\n\n\n\n<li>AWS Config,<\/li>\n\n\n\n<li>Puppet,<\/li>\n\n\n\n<li>Ansible,<\/li>\n\n\n\n<li>HashiCorp Sentinel,<\/li>\n\n\n\n<li>Sysdig Secure.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Incident Management tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>PagerDuty,<\/li>\n\n\n\n<li>VictorOps,<\/li>\n\n\n\n<li>OpsGenie,<\/li>\n\n\n\n<li>xMatters,<\/li>\n\n\n\n<li>Squadcast,<\/li>\n\n\n\n<li>AlertOps.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Risk Assessment tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RSA Archer,<\/li>\n\n\n\n<li>MetricStream,<\/li>\n\n\n\n<li>Lockpath,<\/li>\n\n\n\n<li>OneTrust,<\/li>\n\n\n\n<li>LogicManager,<\/li>\n\n\n\n<li>Resolver.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Code Review tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Snyk,<\/li>\n\n\n\n<li>WhiteSource,<\/li>\n\n\n\n<li>Sonatype,<\/li>\n\n\n\n<li>Black Duck,<\/li>\n\n\n\n<li>Veracode,<\/li>\n\n\n\n<li>Checkmarx.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security Governance tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RSA Archer,<\/li>\n\n\n\n<li>MetricStream,<\/li>\n\n\n\n<li>Lockpath,<\/li>\n\n\n\n<li>OneTrust,<\/li>\n\n\n\n<li>LogicManager,<\/li>\n\n\n\n<li>Resolver.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Compliance Reporting tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Tripwire Enterprise,<\/li>\n\n\n\n<li>AlienVault,<\/li>\n\n\n\n<li>SolarWinds Log &amp; Event Manager,<\/li>\n\n\n\n<li>McAfee ePolicy Orchestrator,<\/li>\n\n\n\n<li>IBM QRadar,<\/li>\n\n\n\n<li>QualysGuard Policy Compliance.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Cloud Access Security Broker (CASB) tools:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Bitglass,<\/li>\n\n\n\n<li>Netskope,<\/li>\n\n\n\n<li>Skyhigh Networks,<\/li>\n\n\n\n<li>CipherCloud,<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerability Scanning tools: Application Security tools: Security Testing tools: Threat Intelligence tools: Security Information and Event Management (SIEM) tools: Cloud Security tools: Container Security tools: Access Control tools: Encryption and&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-36384","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/36384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=36384"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/36384\/revisions"}],"predecessor-version":[{"id":36385,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/36384\/revisions\/36385"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=36384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=36384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=36384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}