DevSecOps CI/CD Pipeline Cheat Sheet:
➡️ Git – Developers commit code and trigger the pipeline.
➡️ Secret Detection – Prevents API keys, passwords, and tokens from being committed.
➡️ SBOM Scan – Generates a Software Bill of Materials to track dependencies.
➡️ SAST – Scans source code for security vulnerabilities before building.
➡️ Unit Tests – Verifies application logic and prevents regressions.
➡️ Dockerfile Scan – Detects insecure Dockerfile configurations and bad practices.
➡️ Build – Compiles the application and creates the container image.
➡️ Container Image Scan – Identifies vulnerabilities in the built image.
➡️ DAST – Tests the running application for exploitable security issues.
➡️ Smoke/API Tests – Confirms the application is functioning after deployment.
➡️ Deploy – Releases the application to the Kubernetes cluster.
➡️ Kubernetes CIS Scan – Checks cluster configuration against CIS security benchmarks.
➡️ Kubernetes Manifest Scan – Validates Kubernetes YAMLs for security and policy issues.
➡️ Container Signing – Cryptographically signs images to verify authenticity.
➡️ Container Validation – Ensures only trusted and compliant images are deployed.
➡️ Test Environment – Validates changes before production rollout.
➡️ Production Environment – Deploys the approved release to end users.
➡️ Monitoring – Continuously tracks logs, metrics, alerts, and application health.
Every stage is a checkpoint. Skip one, and you increase the risk of shipping insecure software.
Goose is a database migration tool that supports both SQL and Go-based migrations for managing schema changes across multiple databases.
- Works with Postgres, MySQL, SQLite, ClickHouse, MSSQL, and more
- Supports Go migrations written as plain functions
- Handles out-of-order migrations and embedded migrations
- Allows environment variable substitution in SQL migrations
Explore it here:
https://t.co/pPpZP1IwYj
Awesome-Selfhosted is a curated index of free, open-source software you can run on your own servers instead of relying on third-party services.
- Covers analytics, backup, communication, CRM, and more
- Lists only Free Software as defined by the GNU project
- Includes both network services and web applications
- Maintained with automated checks for dead links and unmaintained projects
Explore it here:
https://t.co/rK6x8rNzQb
China has killed the entire vector database industry.
They open-sourced TencentDB Agent Memory. It gives any AI agent long-term memory that runs 100% locally.
No Pinecone. No cloud APIs. No repeating yourself every session.
- 61% fewer tokens
- PersonaMem accuracy: 48% → 76%
- Zero external API dependencies
- Runs on plain SQLite
Most memory systems compress your history into an opaque vector pile. when recall goes wrong, you're guessing. this one doesn't compress, it builds a semantic pyramid.
L0 Conversation → L1 Atom → L2 Scenario → L3 Persona.
Short-term state gets encoded as a Mermaid graph in your agent's context. verbose tool logs get offloaded to disk. when the agent needs proof, it drills back via node_id to the exact raw log.
no lossy compression. every layer is readable markdown you can just open and inspect.
5.1k stars. 100% Open Source.
OpenHands Agent Canvas is a self-hosted control center that lets you run multiple coding agents across local, cloud, and remote backends as an always-on engineering team.
- Run OpenHands, Claude Code, Codex, or any ACP-compatible agent
- Create automations that integrate with Slack, GitHub, and Linear
- Switch between local, Docker, VM, and cloud backends without losing context
- Bring your own LLM and agent server infrastructure
Explore it here:
https://t.co/FPM1eokLkB
🦝 Raccoon – Open-Source Reconnaissance & Information Gathering Framework
Raccoon is an open-source reconnaissance and information gathering tool built to automate the early stages of authorized security assessments. It combines DNS enumeration, WHOIS lookups, TLS analysis, port and service scanning, subdomain discovery, directory and file fuzzing, web application fingerprinting, WAF detection, HTML form extraction, email harvesting, robots.txt and sitemap analysis, and cloud storage exposure checks into a single workflow. Built with Python's asyncio for improved performance, Raccoon supports Tor and proxy routing, integrates with Nmap and OpenSSL, and organizes results into structured output files for efficient analysis. Its simple CLI and broad feature set make it useful for penetration testers, bug bounty hunters, and security researchers performing reconnaissance on systems they are authorized to assess.
🔗 https://t.co/LcBnXLLCn6
#CyberSecurity #Recon #OSINT #PenetrationTesting #OpenSource
Un abogado pierde una semana en un contrato de 500 páginas.
Un contador, cuatro días en 200 facturas.
Un investigador, dos semanas en 50 PDFs.
Todos copiando y pegando.
MinerU lo cambia todo.
Herramienta gratuita y de código abierto que convierte cualquier PDF, Word, Excel o imagen escaneada en Markdown limpio en segundos:
• Texto en orden correcto
• Tablas en HTML
• Ecuaciones en LaTeX
• OCR potente
• 109 idiomas
Un PDF de 200 páginas → Markdown perfecto en 90 segundos.
Funciona en CLI y Python. Corre en tu PC. 100% privado.
Más de 68.000 estrellas en GitHub.
La abogada: contrato listo en 4 min.
El contador: 200 facturas en 12 min.
El investigador: revisión lista en una tarde.
Adiós papeleo manual. Bienvenido tu tiempo.
Kubeconform is a Kubernetes manifests validation tool
Similar to Kubeval, but with the following improvements:
➀ High performance
➁ Remote or local schema locations
➂ Up-to-date schemas for all recent versions of Kubernetes
➤ https://t.co/QsPGO7cyXr
🛡️ Anthropic Cybersecurity Skills - The Largest Open-Source Cybersecurity Skills Library for AI Agents
Anthropic Cybersecurity Skills is a collection of 754 production-grade cybersecurity skills across 26 security domains, designed to give AI agents structured workflows for DFIR, Threat Hunting, Threat Intelligence, Cloud Security, Web Security, Pentesting, Malware Analysis, SOC Operations, and more.
Each skill is mapped to MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, MITRE D3FEND, and NIST AI RMF, making it a powerful knowledge base for Claude Code, Copilot, Cursor, Gemini CLI, Codex CLI, LangChain, CrewAI, AutoGen, and other AI agent platforms.
🔗 https://t.co/SfV3E8nI0G
#CyberSecurity #ThreatIntel #DFIR #SOC #AIAgents #MITRE #InfoSec