Update README.md with additional resources

Author: CalinL

README.md

@@ -26,6 +26,62 @@ Initially presented at [DevOps Days Montreal 2024](https://devopsdays.org/events
 
 ---
 
-## Learning Path
+## Resources
+> Additional resources to continue your DevSecOps learning journey.
+
+- [DevOps Shield - Your DevOps. We Protect It.](https://www.devopsshield.com/)[](https://demo.devopsshield.com/)
+- [DevOps Shield - Live Product Demo](https://demo.devopsshield.com/)
+- [DevOps Shield - Microsoft Azure Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/cad4devopsinc1662079207461.devops-shield?src=product&mktcmpid=header)
+- [devopsshield/devopsshield - Docker Image | Docker Hub](https://hub.docker.com/r/devopsshield/devopsshield)
+- [Sécurité dans DevOps (DevSecOps) - Azure DevOps | Microsoft Learn](https://learn.microsoft.com/fr-ca/devops/operate/security-in-devops)
+- [Innovation security - DevSecOps strategy and culture - Cloud Adoption Framework](https://learn.microsoft.com/en-ca/azure/cloud-adoption-framework/secure/innovation-security)
+- [DevSecOps controls - Cloud Adoption Framework | Microsoft Learn](https://learn.microsoft.com/en-ca/azure/cloud-adoption-framework/secure/devsecops-controls)
+- [What Is DevSecOps? Definition and Best Practices | Microsoft Security](https://www.microsoft.com/en-us/security/business/security-101/what-is-devsecops)
+- [What is DevSecOps? - Developer Security Operations Explained - AWS (amazon.com)](https://aws.amazon.com/what-is/devsecops/)
+- [What is DevSecOps? | IBM](https://www.ibm.com/topics/devsecops) 
+- [What is DevSecOps? 5 Key Components - Hyperproof](https://hyperproof.io/resource/devsecops/)
+- [Guide to Secure .NET Development with OWASP Top 10](https://learn.microsoft.com/fr-ca/training/modules/owasp-top-10-for-dotnet-developers/)
+- [Achieving DevSecOps Level 1 Maturity with GitHub Advanced Security](https://github.blog/2020-08-06-achieving-devsecops-maturity-with-a-developer-first-community-driven-approach/)
+- [SCA vs SAST: what are they and which one is right for you? - The GitHub Blog](https://github.blog/2022-09-09-sca-vs-sast-what-are-they-and-which-one-is-right-for-you/)[](https://github.blog/2023-03-08-application-security-orchestration-with-github-advanced-security/)
+- [Application security orchestration with GitHub Advanced Security](https://github.blog/2023-03-08-application-security-orchestration-with-github-advanced-security/)[](https://www.microsoft.com/en-us/security/blog/2023/04/06/devops-threat-matrix/)
+- [Get started securing your application | GitLab](https://docs.gitlab.com/ee/user/application_security/get-started-security.html)[](https://www.microsoft.com/en-us/security/blog/2023/04/06/devops-threat-matrix/)
+- [DevOps threat matrix | Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2023/04/06/devops-threat-matrix/)
+- [DevOps environment posture management overview - Microsoft Defender for Cloud](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-devops-environment-posture-management-overview) 
+- [OWASP DevSecOps Guideline - v-0.2 | OWASP Foundation](https://owasp.org/www-project-devsecops-guideline/latest/02f-Container-Vulnerability-Scanning)
+- [OWASP/DevSecOpsGuideline](https://github.com/OWASP/DevSecOpsGuideline)
+- [OWASP DevSecOps Guidelines - Latest (practical-devsecops.com)](https://www.practical-devsecops.com/owasp-devsecops-guidelines/)
+- [Integrating Security Into the DevSecOps Toolchain (govtech.com)](https://insider.govtech.com/california/sponsored/integrating-security-into-the-devsecops-toolchain.html)
+- [DevSecOps Tools: 9 Ways to Integrate Security Into the SDLC (aquasec.com)](https://www.aquasec.com/cloud-native-academy/devsecops/devsecops-tools/)
+- [What is DevSecOps Automation and its 6 Benefits (practical-devsecops.com)](https://www.practical-devsecops.com/devsecops-automation/)
+- [AppSec Map](https://appsecmap.com/AppSecMap)
+- [BleepingComputer | Cybersecurity, Technology News and Support](https://www.bleepingcomputer.com/)
+- [World’s Biggest Data Breaches & Hacks — Information is Beautiful](https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/)
+- [CVE Website](https://www.cve.org/)
+- [GitHub Advisory Database](https://github.com/advisories)
+- [OWASP Top Ten | OWASP Foundation](https://owasp.org/www-project-top-ten/)
+- [Source Code Analysis Tools | OWASP Foundation](https://owasp.org/www-community/Source_Code_Analysis_Tools)
+- [Vulnerability Scanning Tools | OWASP Foundation](https://owasp.org/www-community/Vulnerability_Scanning_Tools)
+- [Best Software Composition Analysis Reviews 2024 | Gartner Peer Insights](https://www.gartner.com/reviews/market/software-composition-analysis-sca) 
+- [Best Vulnerability Assessment Reviews 2024 | Gartner Peer Insights](https://www.gartner.com/reviews/market/vulnerability-assessment)
+- [The Complete Guide To Start A Successful DevSecOps Transformation](https://thei4group.com/the-complete-guide-to-start-a-successful-devsecops-transformation/)
+- [3 phases to start a DevSecOps transformation | Opensource.com](https://opensource.com/article/21/10/first-phases-devsecops-transformation)
+- [Microsoft Defender for Cloud DevOps security - the benefits and features - Microsoft Defender for Cloud | Microsoft Learn](https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction)
+- [Code security documentation - GitHub Docs](https://docs.github.com/en/code-security)
+- [DevSecOps Tools and Dev Sec Ops Services | Microsoft Azure](https://azure.microsoft.com/en-us/solutions/devsecops/)
+- [GitHub Advanced Security for Azure DevOps (microsoft.com)](https://azure.microsoft.com/en-us/products/devops/github-advanced-security)
+- [Security best practices - Azure DevOps | Microsoft Learn](https://learn.microsoft.com/en-us/azure/devops/organizations/security/security-best-practices?view=azure-devops)[](https://docs.gitlab.com/ee/user/application_security/)
+- [Application security | GitLab](https://docs.gitlab.com/ee/user/application_security/)
+- [OWASP Devsecops Maturity Model | OWASP Foundation](https://owasp.org/www-project-devsecops-maturity-model/)
+- [Achieving DevSecOps Level 1 Maturity with GitHub Advanced Security](https://github.blog/2020-08-06-achieving-devsecops-maturity-with-a-developer-first-community-driven-approach/)
+- [AppSec is harder than you think. Here’s how AI can help. - The GitHub Blog](https://github.blog/2024-02-06-appsec-is-harder-than-you-think-heres-how-ai-can-help/)
+- [Tackling DevSecOps Adoption Challenges (practical-devsecops.com)](https://www.practical-devsecops.com/tackling-devsecops-adoption-challenges/)
+- [What is Shift Left Security in DevSecOps (practical-devsecops.com)](https://www.practical-devsecops.com/what-is-shift-left-security/)
+- [How to “Shift-Left” SAST scans (Semgrep as an example) | by Mohamed AboElKheir | AppSec Untangled](https://medium.com/appsec-untangled/how-to-shift-left-sast-scans-semgrep-as-an-example-56f4428c31d3)
+- [Behind the Scenes of DAST — How do Security Scanners Work? | by Inon Shkedy | Medium](https://inonst.medium.com/behind-the-scenes-of-dast-how-do-security-scanners-work-65572b72bddb)
+- [DevSecOps and Code Vulnerabilities (cxotoday.com)](https://cxotoday.com/news-analysis/devsecops-and-code-vulnerabilities/)
+- [The Fundamentals of DevSecOps in DevOps - GitHub Resources](https://resources.github.com/devops/fundamentals/devsecops/)
+- [Defending CI/CD Environments - The NSA/CISA Way (substack.com)](https://resilientcyber.substack.com/p/defending-cicd-environments-the-nsacisa)
+- [CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments | CISA](https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joint-guidance-defending-continuous-integrationcontinuous-delivery-cicd)
+- [CSI\_DEFENDING\_CI\_CD\_ENVIRONMENTS.PDF (defense.gov)](https://media.defense.gov/2023/Jun/28/2003249466/-1/-1/0/CSI_DEFENDING_CI_CD_ENVIRONMENTS.PDF)
 - [Automate your workflow with GitHub Actions](https://learn.microsoft.com/en-us/training/paths/automate-workflow-github-actions/)
 - [Manage GitHub Actions in the enterprise](https://learn.microsoft.com/en-us/training/modules/manage-github-actions-enterprise/)