🛠 DevSecOps Toolchain Map
Greetings,
I previously told you that I was preparing this toolchain map. People are actively looking for such maps these days: there is an example from Lukatsky, and there is also a description of the process according to GOST 56939-2024 with an emphasis on risk analysis and tools (I'll tell you about that in a similar way). This tool map shows what classes and types of tools exist. The prototype is attached to the post.
Also, yesterday we met with the guys from the FinDevSecOps community @fintechassociation, where we closely discussed plans for the end of 2025 and 2026. I’ll tell you a little about my part:
The cool and distinctive features of the new version:
- added color coding: green is a Russian vendor, yellow is a foreign vendor, and purple is free software
- the structure is in yml
- metadata is aggregated on the availability of certification, the type of software license, whether it can be imported, the programming language, the types of reports, etc.
- the entire layout is built from md materials and will be published on gpages
- we will accept pull requests for changes so that this map can be shared and we can work in a single field with the community
- filtering by metadata on gpages
- I’m currently working on a prototype description of each tool separately
- adaptive visualization
- removed some tools that are not supported or are less popular and, as a result, are not updated
- updated tools
The map makes it possible to choose the tools that are beneficial for you in all the necessary situations: when there is no money, when we cannot integrate a large tool, when there is no one else and we have to do everything alone, etc.
I plan to release a new version before the end of the year, and then we will rummage through the FDSO repository on github.com.
So stay tuned 😜
#toolchain #appsec #devsecops #specialty #compliance #gost #vulnmanagement #techsolution
