From dadece38cf35d8c7ff278c938ebf219fefd6c5dc Mon Sep 17 00:00:00 2001 From: ulises-jeremias Date: Wed, 10 Jul 2024 04:16:33 -0300 Subject: [PATCH] chore: Update security tools information in README.md --- .../README.md | 45 +++++++++++-------- 1 file changed, 26 insertions(+), 19 deletions(-) diff --git a/examples/the-ultimate-to-security-assessment-tools/README.md b/examples/the-ultimate-to-security-assessment-tools/README.md index d094d92..09a9e73 100644 --- a/examples/the-ultimate-to-security-assessment-tools/README.md +++ b/examples/the-ultimate-to-security-assessment-tools/README.md 
@@ -8,21 +8,21 @@ Integrating security early in the development process helps prevent vulnerabilit ## Tools Covered 🛠️ -### [Snyk](https://snyk.io/) +### Snyk -**Snyk** helps developers find, fix, and monitor known vulnerabilities in open source dependencies, container images, and configuration files. It integrates seamlessly with various IDEs, CI/CD pipelines, and version control systems. Snyk's user-friendly interface and powerful CLI make it an essential tool for maintaining secure codebases. +[Snyk](https://snyk.io/) helps developers find, fix, and monitor known vulnerabilities in open source dependencies, container images, and configuration files. It integrates seamlessly with various IDEs, CI/CD pipelines, and version control systems. Snyk's user-friendly interface and powerful CLI make it an essential tool for maintaining secure codebases. -### [Trivy](https://github.com/aquasecurity/trivy) +### Trivy -**Trivy** is a comprehensive and easy-to-use vulnerability scanner for containers and other artifacts, suitable for scanning code repositories, container images, and even Kubernetes clusters. It provides quick and accurate results, making it a favorite among developers looking to ensure the security of their applications at various stages of development. +[Trivy](https://github.com/aquasecurity/trivy) is a comprehensive and easy-to-use vulnerability scanner for containers and other artifacts, suitable for scanning code repositories, container images, and even Kubernetes clusters. It provides quick and accurate results, making it a favorite among developers looking to ensure the security of their applications at various stages of development. -### [Super Linter](https://github.com/github/super-linter) +### Super Linter -**Super Linter** is a combination of multiple linters to help validate your source code. It ensures that your codebase adheres to best practices and standards, covering a wide range of programming languages and file types. 
Super Linter can be used both locally and in CI/CD pipelines to maintain code quality and consistency. +[Super Linter](https://github.com/github/super-linter) is a combination of multiple linters to help validate your source code. It ensures that your codebase adheres to best practices and standards, covering a wide range of programming languages and file types. Super Linter can be used both locally and in CI/CD pipelines to maintain code quality and consistency. -### [Mega Linter](https://nvuillam.github.io/mega-linter/) +### Mega Linter -**Mega Linter** is a powerful linter aggregator that supports numerous languages and formats. It automates the process of running multiple linters, making it easier to maintain high code quality across diverse projects. Mega Linter can be easily integrated into development workflows, ensuring consistent coding standards and early detection of potential issues. +[Mega Linter](https://nvuillam.github.io/mega-linter/) is a powerful linter aggregator that supports numerous languages and formats. It automates the process of running multiple linters, making it easier to maintain high code quality across diverse projects. Mega Linter can be easily integrated into development workflows, ensuring consistent coding standards and early detection of potential issues. ## Guides 📖 @@ -32,7 +32,7 @@ From code scanning to CI/CD integration, we cover a wide range of topics to enha Let's explore each section: -### [Code Scanning](CODE_SCANNING.md) 🔍 +### Code Scanning 🔍 This section covers various types of code scanning tools, including: 
@@ -43,7 +43,9 @@ This section covers various types of code scanning tools, including: Performing regular scans helps in maintaining a secure codebase by identifying vulnerabilities and misconfigurations. -### [Early Stages of Development Workflows](DEVELOPMENT.md) 🚀 +Check out the [Code Scanning](CODE_SCANNING.md) guide for more details. + +### Early Stages of Development Workflows 🚀 - **IDE Integrations**: Learn how to integrate security tools with popular IDEs like VS Code and JetBrains. - **Git Workflow**: 
@@ -54,20 +56,25 @@ Performing regular scans helps in maintaining a secure codebase by identifying v By embedding these tools into your development environment, you can catch and fix issues as you write code. -### [Continuous Integration with GitHub Actions](CONTINUOUS_INTEGRATION_WITH_GITHUB.md) 🛠️ +You can find more details in the [Early Stages of Development Workflows](DEVELOPMENT.md) guide. + +### Security Scans in GitHub Actions 🚀 + +How to perform various types of analyses in a CI/CD flow using [GitHub Actions](https://docs.github.com/en/actions). + +Enhance your CI/CD pipelines with security scans following the best practices outlined in this [guide](CONTINUOUS_INTEGRATION_WITH_GITHUB.md)! + +### Security Integration in GitLab 🚀 -- How to perform various types of analyses in a CI/CD flow using GitHub Actions. -- Documentation: [GitHub Actions](https://docs.github.com/en/actions) +Setting up and using GitLab for security scans. -### [Continuous Integration with GitLab CI/CD](CONTINUOUS_INTEGRATION_WITH_GITLAB.md) 🛠️ +Learn how to integrate security tools into your GitLab in this [guide](CONTINUOUS_INTEGRATION_WITH_GITLAB.md). -- Setting up and using GitLab CI/CD for security scans. -- Documentation: [GitLab CI/CD](https://docs.gitlab.com/ee/ci/) +### Security Integration in AWS CodePipeline 🛠️ -### [Continuous Integration with AWS CodePipeline](CONTINUOUS_INTEGRATION_WITH_AWS_CODE_PIPELINE.md) 🛠️ +Integrating security scans in [AWS CodePipeline](https://docs.aws.amazon.com/codepipeline/). -- Integrating security scans in AWS CodePipeline. -- Documentation: [AWS CodePipeline](https://docs.aws.amazon.com/codepipeline/) +Learn how to set up security scans in AWS CodePipeline in this [guide](CONTINUOUS_INTEGRATION_WITH_AWS.md). Using these CI/CD tools ensures that every change is tested and validated for security issues before being merged and deployed.
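Review bot: In the last hunk (`@@ -54,20 +56,25 @@`), the AWS guide link target changes from `CONTINUOUS_INTEGRATION_WITH_AWS_CODE_PIPELINE.md` to `CONTINUOUS_INTEGRATION_WITH_AWS.md`, but the diffstat shows only README.md touched, so nothing in this patch renames the guide file. Confirm that `CONTINUOUS_INTEGRATION_WITH_AWS.md` exists in the same directory, or keep the old target; otherwise the README's only pointer to the CodePipeline guide becomes a dead link. Two smaller points in the same hunk: the GitLab section loses its reference to `https://docs.gitlab.com/ee/ci/` while the GitHub Actions and AWS sections keep their documentation links inline, and "into your GitLab" reads as if a word is missing (the removed text said "GitLab CI/CD"). The three CI headings are also renamed and now carry mixed emoji (🚀 on GitHub Actions and GitLab, 🛠️ on AWS), and renaming headings changes their generated anchors, so check for existing deep links to the old section names. Using descriptive link text instead of a bare `[guide]` would match the "Check out the [Code Scanning](CODE_SCANNING.md) guide" wording added in the earlier hunk.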