# Bibliography

##### **Trivy**

Aqua Security. (n.d.). [Trivy - Vulnerability scanner](https://trivy.dev/latest/). Aqua Security.

Aqua Security. (n.d.). [Trivy GitHub Action](https://github.com/aquasecurity/trivy-action). GitHub.

Aqua Security. (n.d.). [Visual Studio Code extension](https://github.com/aquasecurity/trivy-vscode-extension). GitHub.

DevOps Tales. (2023). [Using Trivy Operator for image validation](https://devopstales.github.io/trivy-operator/2.4/functions/image-validator/).

Locustbaby. (n.d.). [Graphical interface for Trivy](https://github.com/locustbaby/trivy-ui). GitHub.

Aqua Security. (2024). [Postee v2.9.0](https://aquasecurity.github.io/postee/v2.9.0/).

Aqua Security. (2024). [Blueprints for Trivy Operator](https://aquasecurity.github.io/postee/v2.8.4/blueprints/trivy-operator/).

##### **Grype + Syft**

Anchore. (n.d.). [Grype - Container vulnerability analysis](https://anchore.com/opensource/).

Anchore. (n.d.). [Security scanning tools](https://anchore.com/software-supply-chain-security/open-source-container-vulnerability-scanning-tools/).

SecureCodeBox. (2023). [SBOM consumption with Grype](https://www.securecodebox.io/blog/2023/09/15/sbom-part-two-consumption/).

Syft Analytics. (n.d.). [Syft - SBOM generator](https://www.syftanalytics.com/).

Anchore. (n.d.). [GitHub Action for scanning with Grype](https://github.com/anchore/scan-action).

##### **SonarQube**

SonarSource. (n.d.). [SonarQube](https://www.sonarsource.com/products/sonarqube/).

SonarSource. (n.d.). [GitHub Action for SonarQube](https://github.com/SonarSource/sonarqube-scan-action).

SonarSource. (n.d.). [GitHub integration](https://docs.sonarsource.com/sonarqube-community-build/devops-platform-integration/github-integration/introduction/).

SonarSource. (n.d.). [VSCode extension](https://docs.sonarsource.com/sonarqube-for-ide/vs-code/getting-started/requirements/).

Atlassian Marketplace. (n.d.). [SonarQube connector for Jira](https://marketplace.atlassian.com/apps/1217471/sonarqube-connector-for-jira).

Toilatester. (n.d.). [SonarQube notifier for Microsoft Teams](https://github.com/toilatester/sonar-microsoft-teams-notifier).

##### **Semgrep**

Semgrep. (n.d.). [General documentation](https://semgrep.dev/).

Semgrep. (n.d.). [GitHub Action for Semgrep](https://github.com/actions-marketplace-validations/returntocorp_semgrep-action).

Semgrep. (n.d.). [VSCode extension](https://semgrep.dev/docs/extensions/semgrep-vs-code/).

Semgrep. (n.d.). [Slack integration](https://semgrep.dev/docs/semgrep-appsec-platform/slack-notifications/).

Semgrep. (n.d.). [Jira integration](https://semgrep.dev/docs/semgrep-appsec-platform/jira/).

Semgrep. (n.d.). [CLI reference and SARIF/JUnit formats](https://semgrep.dev/docs/cli-reference/).

##### **OWASP ZAP**

OWASP. (n.d.). [OWASP ZAP](https://www.zaproxy.org/).

OWASP. (n.d.). [Baseline scan with Docker](https://www.zaproxy.org/docs/docker/baseline-scan/).

Zaproxy. (n.d.). [Official GitHub Action](https://github.com/zaproxy/action-baseline).

Zakrush. (n.d.). [API scripts for ZAP](https://github.com/zakrush/zap_api_scripts).

Balasooriya, K. (2021). [Exporting ZAP alerts to Jira](https://kasunbalasooriya.medium.com/an-add-on-for-owasp-zap-to-export-alerts-of-a-web-application-as-issues-to-jira-891ea1698fbf).

##### **Checkov**

Bridgecrew. (n.d.). [Checkov](https://www.checkov.io/).

Bridgecrew. (n.d.). [Checkov GitHub Action](https://github.com/bridgecrewio/checkov-action).

Bridgecrew. (n.d.). [VSCode extension](https://github.com/bridgecrewio/checkov-vscode).

Bridgecrew. (n.d.). [DefectDojo integration](https://docs.defectdojo.com/en/connecting_your_tools/parsers/file/checkov/).

Atlassian. (n.d.). [Jira REST API](https://developer.atlassian.com/cloud/jira/platform/rest/v2/intro/).

Checkov. (n.d.). [SARIF and JUnit support](https://www.checkov.io/8.Outputs/SARIF.html).

Checkov. (n.d.). [CLI reference](https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html).

Checkov. (n.d.). [Terraform Plan scanning](https://www.checkov.io/7.Scan%20Examples/Terraform%20Plan%20Scanning.html).

##### **Snyk**

Snyk. (n.d.). [Home page](https://snyk.io/es/).

Snyk. (n.d.). [GitHub Action](https://github.com/snyk/actions).

Snyk. (n.d.). [Jira integration](https://snyk.io/atlassian/jira-cloud/).

Snyk. (n.d.). [Slack integration](https://slack.com/marketplace/A04NXBUEC0P-snyk-for-slack).

Snyk. (n.d.). [VSCode Extension](https://docs.snyk.io/cli-ide-and-ci-cd-integrations/snyk-ide-plugins-and-extensions/visual-studio-code-extension).

Snyk. (n.d.). [CLI and Web UI](https://docs.snyk.io/cli-ide-and-ci-cd-integrations/snyk-cli).

Snyk. (n.d.). [Blog on best practices](https://snyk.io/blog/getting-the-most-out-of-snyk-test/).

Kimpel, H. (2023). [Webhooks and subscriptions](https://www.kimpel.com/post/snyk/snyk-webhook-subscriptions-integrations/).

##### **Falco**

Falco. (n.d.). [Official documentation](https://falco.org/docs/).

Falco. (n.d.). [Concepts: Outputs and Channels](https://falco.org/docs/concepts/outputs/).

Falco. (n.d.). [GitHub Exporter](https://github.com/falcosecurity/falco-exporter).

FreeCodeCamp. (2023). [Integration with Prometheus, Grafana and Docker](https://www.freecodecamp.org/news/secure-server-infrastructure-clouds-using-falco-prometheus-grafana-and-docker/).

Elastic. (n.d.). [Falco and Elastic Security integration](https://www.elastic.co/blog/falco-elastic-security-cloud-workload-protection).

Port. (n.d.). [Falco webhook integrations](https://docs.port.io/build-your-software-catalog/custom-integration/webhook/examples/falco/).

##### **Complementary Tools**

CrowdStrike Marketplace. (n.d.). [SOAR actions for Teams](https://marketplace.crowdstrike.com/listings/soar-actions-built-for-microsoft-teams).

SendSonar. (n.d.). [Slack integration](https://docs.sendsonar.com/docs/slack).

Digicert. (n.d.). [Sonar and Slack integration](https://knowledge.digicert.com/constellix/sonar-monitoring/slack-integration/).

O’Reilly. (2019). [Practical Security Automation](https://www.oreilly.com/library/view/practical-security-automation/9781789802023/).

YouTube. (2023). [DefectDojo integration](https://www.youtube.com/watch?app=desktop&v=GGWinWTHqCY).

Grafana. (n.d.). [Official site](https://grafana.com/).

Prometheus. (n.d.). [Prometheus + Kubernetes](https://spacelift.io/blog/prometheus-kubernetes).

Elastic. (n.d.). [Elasticsearch](https://www.elastic.co/es/elasticsearch).