Goal - centralized UI, and scheduler, for managing automated builds
- Terraform Enterprise - HashiCorp
- Jenkins - Cloudbees
- TravisCI
- CircleCI
- Bamboo - Atlassian
- KitchenCI - Chef
Goal - automated build runners.
- Linux: [Bash](https://www.tldp.org/LDP/Bash-Beginners-Guide/html/), Makefile
- Java: Gradle, Maven, Ant
- Python: tox, fabric, molecule
- Ruby: rake
- Node.js: Gulp, Grunt
Goal - automatically call build runners
https://githooks.com/
https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
Goal - all code should use secure components.
OWASP Dependency Check (java, python, ruby, php, node.js, Swift)
Snyk (java, python, ruby, node.js)
Gemnasium (java, python, ruby, node.js)
OSSIndex (java, python, ruby, node.js)
Java - dependency-check-maven
Python - dependency-check, pyup
Ruby - bundle-audit, Hakiri
Javascript - RetireJS
Goal - all code should look the same.
Java - Google Java Format
Python - autopep8, black
Ruby - rubocop, rufo
Javascript - prettier
Goal - all code should be easy to maintain.
Java - checkstyle, findbugs, Google error-prone
Python - pylint, flake8
Ruby - rubocop
Javascript - eslint, jslint, jshint
Goal - code should not be unnecessarily complicated.
McCabe Cyclomatic Complexity
SonarQube (Java, Python, Ruby, Node.js, Javascript)
PMD (Java, Python, Ruby, Javascript)
Java - ???
Python - radon
Ruby - Ruby Critic
Javascript - eslint, jshint
Goal - all code should be easy to understand.
Java - javadoc, checkstyle
Python - pydocstyle
Ruby - rubocop
Javascript - jsdoc
Goal - code should function as expected, in isolation.
Goal - code should function as expected, with immediate dependencies
Goal - code should behave consistently, only on the browser / mobile app, offline
Javascript - Mocha
jQuery - QUnit
Angularjs - Jasmine + angularjs-mocks
https://docs.angularjs.org/guide/unit-testing
React - React-unit, Jest, Enzyme
https://reactjs.org/community/testing.html
Goal - all code should be written securely
SonarQube (Java, Python, Ruby, Node.js, Javascript)
PMD (Java, Python, Ruby, Javascript)
Java - spotbugs
Python - bandit
Ruby - Brakeman
Javascript - mustache-security
Goal - build local VMs, Linux Containers, or Cloud VMs.
Packer - Virtualbox, VMWare, Hyper-V, AWS AMI, Azure VM, Google Image
Goal - automatically deploy local VMs.
Vagrant - Virtualbox, VMWare, Hyper-V
Goal - deploy a Linux container.
Goal* - orchestrate container deployment.
Kubernetes
OpenShift
LXD
Goal - ensure containers have secure components.
Artifactory JFrog XRay
anchore-cli
CoreOS Clair
dagda
cilium - container network security
sysdig falco - Kubernetes
https://docs.docker.com/v17.12/docker-cloud/builds/image-scan/
https://techbeacon.com/security/10-top-open-source-tools-docker-security
https://sysdig.com/blog/20-docker-security-tools/
Goal - deploy remote cloud resources.
AWS Cloudformation
Azure Resource Manager
Google Deployment Manager
Terraform (AWS, Azure, GCE)
Goal - automate running provision in multiple environments
Ansible - Molecule
Chef - Kitchen
Goal - install and configure services.
Goal - environments should be installed consistently.
Ruby - serverspec
Python - testinfra, goss
Ruby - inspec (Chef)
Goal - environment should behave consistently.
Python - infrataster (HTTP, pgsql, redis)
Terraform - Terragrunt
Goal - code should behave consistently, on the server.
Ruby - cucumber, rspec
https://www.martinfowler.com/articles/rake.html
Python - behave
Java - jbehave
Goal - code should behave consistently, only in the browser / mobile app, quickly.
Javascript - CasperJS + PhantomJS
AngularJS - Karma, Protractor
Goal - systems should behave consistently, on the client-side
Javascript - cucumber.js
jQuery - ???
Angularjs - Jasmine
React - react-cucumber
Goal - systems should behave consistently, end-to-end, w/ Selenium
Java - Cucumber-jvm + Cucumber-junit
Python - Lettuce
Goal - systems should be performant and reliable.
- JMeter
- Blazemeter - Hosted JMeter
- Gatling
- Locust
- The Grinder
Goal - systems should behave securely, end-to-end.
Ruby - Gauntlt
Python - Mittn
Java - BDD-Security
- https://erik.doernenburg.com/2008/11/how-toxic-is-your-code/
- https://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
- https://github.com/collections/clean-code-linters
- https://realpython.com/python-code-quality/
- https://www.aspectsecurity.com/uploads/downloads/2012/03/aspect-security-the-unfortunate-reality-of-insecure-libraries.pdf
- http://softwaretestingfundamentals.com/integration-testing/
- https://martinfowler.com/bliki/IntegrationTest.html
- https://www.youtube.com/watch?v=hQyXgKENDtg&t=2321s
- https://developer.ibm.com/tutorials/d-bbd-guide-iac/
- https://www.softwaretestinghelp.com/behavior-driven-development-bdd-tools/
- https://docs.angularjs.org/guide/unit-testing
- https://scotch.io/tutorials/testing-angularjs-with-jasmine-and-karma-part-1
- https://reactjs.org/community/testing.html
- https://www.toolsqa.com/selenium-cucumber-framework/convert-selenium-test-into-cucumber-bdd-style-test/
- https://www.guru99.com/what-is-security-testing.html