DevOps is a set of practices and tools that integrates software development (Dev) and operations (Ops) together to improve software development lifecycle by shortening the feedback loop. Another variant is called DevSecOps wherein security is embedded at each stage of the development and release cycle.
DevOps is complementary to agile software development and several DevOps principle came from agile ways of working.
A collection of tools categorized in different stages of the DevOps infinity loop.
Note
- List is not exhaustive and will continue to evolve over time
- Open-source is prioritized
- Much like there's more than one way to skin a cat, no tool is perfect for everything
- Due to the nature of software development, tools mentioned here might become obsolete or replaced by superior ones
| Category | Tools |
|---|---|
| Collaboration | |
| Documentation and Diagrams | |
| Languages | |
| Version Control (Git) Platforms | |
| Continuous Development | |
| Secure Coding | |
| Threat-Modeling and Risk-Assessment-Model | |
| Source code editor, IDE, and ID Security Plugins | |
| Pre-commit Hooks | |
| Static Application Security Testing |
| Category | Tools |
|---|---|
| Continuous Integration | |
| Artifact Management/Registries | |
| Secure Pipelines | |
| Infrastructure Scanning | |
| Secure Acceptance Testing | -- |
| Unit and Function Testing | |
| Performance Testing | |
| End to end Testing | |
| Infrastructure-as-Code | |
| Container Orchestration | |
| Configuration Management |
| Category | Tools |
|---|---|
| Continuous Delivery | |
| Cloud Platform | |
| Security Smoke Test | -- |
| Configuration Checks | -- |
| Category | Tools |
|---|---|
| Monitoring | |
| Threat Intelligence | -- |
| Penetration Testing | |
| Blameless Postmortems |
|