Important DevSecOps Tools

Skillsoft issued completion badges are earned based on viewing the percentage required or receiving a passing score when assessment is required. DevSecOps stands for development, security, and operations, and is used to inject security earlier in the software development life cycle (SDLC). In this course, you will explore the various categories of DevSecOps, starting with static analysis security testing (SAST) and dynamic analysis security testing (DAST). Next, you will discover common SAST and DAST DevSecOps tools including Bandit, Clean Code, looks good to me (LGTM), OWASP Zed Attack Proxy (ZAP), and Nikto, and examine dependency analysis and related dependency analysis tools. Then, you will investigate infrastructure as code (IaC) security and the leading IaC security tools, including Anchore, Clair, Dagda, OpenSCAP, dockscan, and InSpec. Finally, you will find out how secrets management is used to manage passwords, keys, application programming interfaces (APIs), and tokens, and you will identify the benefits of vulnerability management and assessment practices.