La intención de la workshop es mostrar y orientar a los equipos de desarrollo, seguridad y devops (entre otros) que quieran comenzar en DevSecOps, a segurar sus aplicaciones o bien a conocer un poco más acerca del desarrollo seguro, para esto, estaremos otorgando algunos tips e información que fuimos aprendiendo para armar un Pipeline DevSecOps …

Automating the implementation of a DevSecOps environment & pipeline in openstack (devstack)

Jenkins Pipeline for security scanning with owasp zap

Automated Vulnerability Assessment using Falcon Pi Remotely (using raspberry-3)

My Bachelor Project - DAST Integration in CICD with OWASP ZAP

Unified DevSecOps pipeline that runs OWASP ZAP, Semgrep, Trivy, and other security scanners with results mapped to OWASP ASVS v5 and exported to Allure reports. Built for CI/CD integration.

A fully self-contained Docker image that orchestrates 20 security tools — Nuclei, ZAP, Dalfox, Arjun, WPScan, sqlmap, Nikto, testssl.sh, Shodan, and more — into a single 16-step scan pipeline. Passive recon, parameter discovery, XSS, SQLi, secrets detection, and full vulnerability coverage with one command.

Enhanced the security posture of cloud infrastructure and applications through automated security tools and compliance checks.

blackduckcopilot

DevSecOps Command Center for the IT Security & Privacy (SPTI) seminar at Escuela Colombiana de Ingeniería Julio Garavito. This project secures the LogiFlow platform through a full Shift-Left (SAST/SCA) and Shift-Right (DAST/Falco) lifecycle. An enterprise-grade monitoring stack with Prometheus, Grafana, and Loki for real-time threat detection.