Website of Chuck Easttom, Ph.D., D.Sc.

A graphic showing software programming

DevSecOps

This site is a general resrouce for DevSecOps and contains material for a DoD DevSecOps course I teach.

Note: this page is being updated regularly, you shoudl check back from time to time. The lastest update date will always be displayed here 12/14/2025

DoD Resources
DoD DevSecOps Fundamentals
DoD Enterprise DevSecOps Strategy Guide
DISA DevSecOps
DevSecOps Fundamentals Guidebook: DevSecOps Tools & Activities
Grogu's guide to DevSecOps
Navy DevSecOps
DoD Enterprise DevSecOps Reference Design: CNCF Kubernetes
DSAWG DevSecOps
DEVSECOPS System Assurance
















 Tools
Aikido (IaC Scanner)
Checkov (Policy as Code)
 Chef (Compliance Tool)
 Falco (Cloud Security Scanner)
 Fossil (Configuration Management)
 GitHub (Code Repository)
GitLab (Code Repository)
GitLeaks (Finding data leaks)
Jenkins (DevSecOps tool)
 JFrog (Multiple DevSecOps tools)
 Jira (Code Repository/Communications)
Jit (AppSec Platform)
OpenTofu (Infrastructure as Code)
OWASP ZAP (DAST tool)
PMD (Open source SAST tool)
 Puppet (Security Compliance Manager)
 SemGrep (SAST tool)
 Snyk (Infrastructer as Code/Vulnerability Scanning)
SpaceLift (Infrastructure as Code)
Apache Subversion (Source Code Control)
 Terraform (Infrastructure as Code)
 Google Code Search Diggity
Visual Code Grepper
 SonarCube
Course Materials
Lesson 1 - Introduction
Lesson 2 Repositories and Tools
Lesson 3 Testing
Lesson 4 Infrastructure as Code
Lesson 5 DevSecOps Pipelines
Lesson 6 Secure Coding
Lesson 7 Threat Modeling and DevSecOps
Lesson 8 Deployment
Lesson 9 Containers
Lesson 10 Pen Testing in DevSecOps
Lesson 11- Zero Trust in DevSecOps
Lesson 12- Additional Topics
Course Labs


 Certifications & Training
EC Council DevSecOps Certified Engineer
Microsoft Azure DevOps Certified
DevSecOps Certification
DevSecOps Foundation Certification
Certified Kubernetes Security Specialist
Google DevSecOps Course
Online Labs
Hackme DevSecOps
Online VMs for Kubernetes and Docker
Kubernetes Playground
Kubernetes Public Playgrounds
Docker Tutorials