OWASP DevSecOps Guideline

The OWASP DevSecOps Guideline explains how to implement a secure pipeline using best practices and introduces tools that can be used for this purpose. The project also aims to promote a shift-left security culture in the development process.
This project helps companies of any size that have a development pipeline, in other words a DevOps pipeline. In this project, we try to draw a perspective of a secure DevOps pipeline and then improve it based on our customized requirements.

DevSecOps pipeline

Initial steps:

At first, we consider implementing the following steps in a basic pipeline:

  • Take care of secrets and credentials in git repositories
  • SAST (Static Application Security Test)
  • DAST (Dynamic Application Security Test)
  • Infrastructure scanning
  • Compliance check


Feel free to contribute to this project; any contributors are welcome to make a PR on the project repo.


Contributing to this project is simple: go to the project’s GitHub repo and send a new pull request.

Please do not hesitate to create an issue if you have any idea or recommendation.