Exemplo de workflow de segurança que realiza testes SAST, SCA, DAST, Secrets Scan e IaC Scan via GitHub Actions utilizando ferramentas open source.
-
Updated
Jan 29, 2024 - Python
Exemplo de workflow de segurança que realiza testes SAST, SCA, DAST, Secrets Scan e IaC Scan via GitHub Actions utilizando ferramentas open source.
Official Repository for 'Learning DevSecOps' by Michelle Ribeiro for O'Reilly Media
This project provision an ubuntu vm with pre-installed Jenkins, Docker, Kubernetes & git. The main purpose is to test locally CI/CD pipelines before deploying on production. elines.
Our documentation
OWASP Secure Pipeline Verification Standard
Automated DevSecOps CICD pipeline for deploying a Netflix clone using Jenkins, Docker, Kubernetes, integrated with email notifications, and monitoring with Grafana and Prometheus.
Use 'Makefile.sec + Docker' to run security tests in CI/CD pipelines.
Using PyRaider You can scan installed dependencies known security vulnerabilities. It uses publicly known exploits, vulnerabilities database.
Automated DevSecOps CICD pipeline for deploying a Netflix clone using Jenkins, Docker, Kubernetes, integrated with email notifications, and monitoring with Grafana and Prometheus.
Download Historic Reports using Veracode API
Pipeline SAST, DAST, SCA in GitLab CI\CD and push reports to VM
Sample Web App with Maven and Jenkins for DevSecOps CI-CD Demo
Centralized repository for storing GitHub actions and other pipeline flows
This project showcases the process of assessing the security state of a sample web app deployed in AWS and the process of hardening its security. Project 3 from the AWS Cloud Architect Nanodegree from Udacity. Misc: Security Monitoring in AWS.
Eureka Server for service discovery
Collection of a wide variety of practice DevSecOps implementions via Jenkins Pipelines and Configurations as Code.
DevSecOps projects which I've built and am in the process of open sourcing it
Add a description, image, and links to the devsecops-pipeline topic page so that developers can more easily learn about it.
To associate your repository with the devsecops-pipeline topic, visit your repo's landing page and select "manage topics."