Security Control Center for DevSecOps

The Security Control Center provides you with a set of tools to secure your project. The tools are designed to be used in a DevOps environment and are integrated into your CI/CD pipeline. The workflow is based on proven security practices and is designed to be easy to use.

Use Auto-Setup

You can use the auto-setup feature to automatically add the DevGuard Pipeline to the GitLab CI/CD pipeline for the project L3montree / DevGuard, create a merge request and add any missing configuration variables and webhooks.
1. Project webhook is created
2. Project variables (DEVGUARD_TOKEN, DEVGUARD_ASSET_NAME) are created
3. The pipeline is created. A new branch was pushed to the repository
4. A merge request is created
OR

Development

Secure Coding Guidelines

Produce secure code by following secure coding guidelines.

In-Toto Provenance

Prove the integrity of the software supply chain. Creates a post-commit hook that records the file hashes of the project.

Integrating DevGuard into your CI/CD-Pipeline

DevSecOps-Pipeline

Integrate the whole DevSecOps-Pipeline with a single CI/CD component. This includes security scans, artifact signing and build-provenance generation.
OR integrate each step manually (improved flexibility)

Secret Scanning

Scan Git repositories for potential credential leaks.

Static Application Security Testing

Find security vulnerabilities in produced source code.

Software Composition Analysis

Find known vulnerabilities in third-party and open source dependencies.
Continuously monitoring risk changes. Last component update .

Infrastructure as Code

Find security vulnerabilities in infrastructure code like Dockerfiles, Terraform, etc.

Container Scanning

Find known security vulnerabilities in OCI images, like Docker Images.
Continuously monitoring risk changes. Last component update .

Dynamic Application Security Testing

Find security vulnerabilities in running applications.

Image Signing

Ensure the integrity and authenticity of your container images.
Images are getting signed.

Operations

Image Verification

Ensure the integrity and authenticity of your container images.