- Mon 02 September 2024
- misc
This site can be considered a living document that acts as a transparent and actionable reference guide. It is intended to be a starting point for development teams working on an autonomous shift-left movement within the scope of their team's responsibilities.
We believe that development teams can and should feel empowered to put security first in their development practices. However, it can be complicated to define a starting point, let alone identify where to go from there. This guide intends to assist with this, such that good intentions can be translated into tangible improvements.
For your convenience, the below infographic showcases the headline topics we discuss in the guide:

Get started
The pages below serve as your starting point on the road to improving your team's and project's security in a way that is appropriate for your team and organisation.
Where to begin
Depending on your team or project's situation, you may choose any of the topics as an appropriate starting point. If you're unsure where to start, it would be wise to evaluate the environment and applications you are responsible for and identify which facets carry considerable weight in the overall quality of your application.
Cyber hygiene
Does your team struggle to maintain an efficient workflow, or do you feel like you're constantly slowed down by maintenance and janitorial tasks? Are you interested in some of the basics of keeping your projects clean? Perhaps Cyber Hygiene would be a good starting point.
Access Control
Is your application strongly dependent on the particulars of its users' identities, or do you experience difficulties making sure team members are on- and offboarded consistently? Access Control may be exactly what you're looking for.
Cryptography
Does your team handle sensitive data, whether internally or outward-facing as part of your application? Is the data you process highly personal, legally protected, or otherwise highly sensitive for any number of reasons? Take a look at the Encryption topic.
Logging & Monitoring
Is it a challenge for your team to stay on top of the daily operations of your existing applications, or do you feel like you are consistently caught off-guard by production issues, with limited means to diagnose problems or triage performance issues? The Logging & Monitoring topic is likely a good starting point for you.
Scanning
Do you maintain a complicated landscape where the dependencies of your dependencies have dependencies you've never heard of? Does your team deal with a myriad of credentials that are at risk of ending up in places they shouldn't be? Do you already have a decent grasp of the good practices required to keep your projects clean, but want to go a few steps further in maturing your workflow to allow for a more dependable, robust and secure environment? Take a look at the Scanning topic!