
We are DKFM - Making DevOps things that make DevOps things easier

DJ Schleen
I spread the word about integrating automated security controls into DevOps pipelines. I play way too many video games.

DevOps, DevSecOps, Rainbow Monkey Unicorn Pony, it really doesn't matter what you call it but one thing is certain - every one of these practices relies on innovative tooling to shift quality issues left to developers. Innovation is something I needed to turn to as a Security Architect many years ago as I built and deployed DevSecOps practices to a few Fortune 10 healthcare organizations.

When I met Julio Jimenez @juliojimenez we struck up a great friendship built on a shared vision of developing tools that would blur the line between Security and DevOps. We became Essentialists and adopted the mantra that security is just an attribute of quality. With that, we focused on developing tools that improve the quality of the code we built.

After Dan Walsh joined DKFM we had our core team and our Open Source collective started gaining industry attention from the tools we were building. Dan brought the business savvy, leadership, product direction, and more Essentialism to our team.

Dropping the Code Hammer

Now that our core team was put together, Julio and I migrated a number of personal repositories we had been working on for the past few years to our new GitHub organization, which we named DKFM.

The first project we worked on together as DKFM was SHS, a tool that calculates a risk score based on vulnerabilities in source code and infrastructure and presents it in the format of a credit score.

Our second project was domi. domi is one of our flagship codebases. It is a policy-as-code enforcer that analyzes infrastructure as code and configuration for policy violations. It integrates with GitHub and uses Open Policy Agent and conftest to validate code on a Pull Request.

Other projects followed, such as gardener, which generates images in markdown from PlantUML diagrams; Hookz, which generates local action pipelines as git hooks that execute when interacting with the git command; and Hinge, which builds, for any codebase, the dependabot.yaml files used by GitHub's Dependabot supply chain scanning product. We've started or are working actively on many other projects, all to make DevOps things that make DevOps easier.

Join the Movement

DKFM is an open source collective, so anyone can join. All you need to do is contribute to any of our DKFM projects on GitHub.

Come and help us make tools that shift left, integrate security as an attribute of quality, and lead by example with Essentialism and innovation.
