Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Free Tools and Add-Ons to Explore for Applying DevSecOps in Your Organization

Illustration infinity symbol


Today, I'm hosting a webinar on "How to Build a DevSecOps Program that Works for Developers AND Security" and hope you’ll tune in. As I prepped for the session, I realized it might be useful to the broader community to offer up the references and tools I’ve collected on my journey to DevSecOps.

So without further ado, here are some of my favorite free, built-in, and open-source tools, as well as great reference material that can help you plan your move to DevSecOps. Check out the DevOps Lifecycle graphic below to see where each of these free tools fits into your process. This is far from a full list, but it’s a good starting point to try within your environment.

DevOps Lifecycle illustration



  • Free static analysis, dependency checkers, linters, and pre-commit hooks






Mozilla Enterprise Defense Platform

DevSecOps Webinars:

More DevSecOps Blogs:

Subscribe to Bishop Fox's Security Blog

Be first to learn about latest tools, advisories, and findings.

Tom Eston

About the author, Tom Eston

VP of Consulting and Cosmos at Bishop Fox

Tom Eston is the VP of Consulting and Cosmos at Bishop Fox. Tom's work over his 15 years in cybersecurity has focused on application, network, and red team penetration testing as well as security and privacy advocacy. He has led multiple projects in the cybersecurity community, improved industry standard testing methodologies and is an experienced manager and leader. He is also the founder and co-host of the podcast The Shared Security Show; and a frequent speaker at user groups and international cybersecurity conferences including Black Hat, DEF CON, DerbyCon, SANS, InfoSec World, OWASP AppSec, and ShmooCon.
More by Tom

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.