Secure Development Tools & Resources

• OWASP Cheat Sheet Series – Official guides for secure coding and avoiding common vulnerabilities.
  Source: https://cheatsheetseries.owasp.org/
• SonarQube / Bandit – Static code analysis to detect vulnerabilities and critical issues.
  Source: https://www.sonarqube.org/
• ESLint / Pylint / Flake8 – Linters for JavaScript and Python to enforce code quality and detect potential security issues.
  Sources: https://eslint.org/, https://www.pylint.org/, https://flake8.pycqa.org/
• Bandit (Python) – Focused on Python security, it scans for common issues like injection, weak crypto, or unsafe calls.
  Source: https://bandit.readthedocs.io/
• Brakeman (Ruby on Rails) – Security scanner for Rails applications detecting vulnerabilities before deployment.
  Source: https://brakemanscanner.org/
• PMD / SpotBugs (Java) – Static code analyzers for Java to find bugs, code smells, and security issues.
  Sources: https://pmd.github.io/, https://spotbugs.github.io/
• Snyk / npm audit – Dependency checking to identify vulnerable libraries.
  Source: https://snyk.io/
• libsodium / RustCrypto – Secure, audited cryptographic libraries for protecting data.
  Sources: https://libsodium.org/, https://github.com/RustCrypto
• Manual Code Reviews – Peer reviews to catch logical flaws and bad practices.
  Documentation and guides:
  OWASP Code Review Guide – Guidelines for performing secure manual code reviews.
  CERT Secure Coding Standards – Best practices to catch logical flaws and security bugs.
  Google Engineering Practices – How Google performs peer code reviews and security checks.
  
• Secure CI/CD Pipelines – Integrate automated security tests and audits into build and deployment processes.
  Documentation and guides:
  GitLab Secure CI/CD – How to integrate static/dynamic analysis, secrets scanning, and dependency checks.
  Jenkins Security Best Practices – How to configure secure pipelines and enforce automated security checks.
• Secure IDEs / Editors – Development environments minimizing telemetry:
  VSCodium – A fully open-source build of VS Code with telemetry disabled.
  Neovim – Modernized Vim fork with extensibility and minimal telemetry.
  Vim – Classic, lightweight text editor for efficient keyboard-driven development.
  UEmacs – Lightweight Emacs variant created by Linus Torvalds, minimal features, no telemetry.
  GNU Emacs – Highly customizable editor with the option to disable telemetry packages.
  GNU ed – A classic line-oriented text editor, extremely lightweight and privacy-respecting.
  Micro – Modern terminal-based editor, simple and minimal telemetry by design.
  Jed – Lightweight text editor with Emacs-like keybindings and minimal footprint.
  
• TruffleHog / GitLeaks – Tools to scan your source code and repositories for secrets, credentials, API keys, or sensitive information that should not be committed.
  Sources: TruffleHog, GitLeaks
• American Fuzzy Lop (AFL) / Honggfuzz – Fuzz testing tools to automatically discover memory corruption, crashes, and other security-critical bugs in applications.
  Sources: AFL, Honggfuzz