DevSecOps Implementation Plan - Githubissues

dewcservices / devsecops

GNU General Public License v3.0

1 stars 0 forks source link

DevSecOps Implementation Plan #9

Open tnbozman opened 7 months ago

tnbozman commented 7 months ago

Planning:

git project
develop against a project task

Develop

Devcontainer
- Inject git linting to fail commit
- secrets scan
- conventional commit
commit against a project task
move project task to in-progress
conventional commit
secrets scan
Software Composition Analysis - dependency vuln. (maybe won't do due to dependabot)
release version

Build

dependency install
build tools install (npm -g install @angular/cli, install pip??, install gradle??)
lint pass (py & node)
build pass

Test

run unit test
sast - sonarcloud

Release

container workflow
- docker build
- container scan - trivy
- master
- docker tags
- docker push
  - private repo push (github artifacts)
  - open source push (dockerhub)
- library workflow
  - library version
  - library push
  - private (github artifacts)
  - open source (pip, npm, maven-central)
  - git tagging
  - close the project task Deploy Operate Monitor