DevSecOps Project
Tools Used: GitHub Actions, SonarCloud (SAST), Snyk (SCA), OSWAP ZAP (DAST), Argo CD, Docker, Minikube (Kubernetes Locally)
Security is an integral part of an workflow. It's always recommended to integrate the shift to left security pattern in your pipelines. Better to find security vulnerabilty in the eary stages of SDLC rather than in Production.
Created this project to impletement the Security in our DevOps pipeline.
Step 1: Developer pushes code to GitHub
Step 2: Workflow gets triggered due to push action
Step 3: SAST is performed with SonarCloud
Step 4: SCA is done with Snyk
Step 5: Docker image is built and pushed to DockerHub
Step 6: Application is deployed to Kubernetes Cluster
Step 7: DAST scan is performed on the application URL with OSWAP ZAP
Step 8: You can find the reports of SCA scan in Code Scanning tab, and an artifact is created after a ZAP scan