DevSecOps Project

Tools Used: GitHub Actions, SonarCloud (SAST), Snyk (SCA), OSWAP ZAP (DAST), Argo CD, Docker, Minikube (Kubernetes Locally)

Security is an integral part of an workflow. It's always recommended to integrate the shift-to-left security pattern into your pipelines. It is better to find security vulnerabilities in the early stages of SDLC rather than in Production.

Created this project to implement the Security in our DevOps pipeline.

Step 1: Developer pushes code to GitHub

Step 2: Workflow gets triggered due to push action

Step 3: SAST is performed with SonarCloud

Step 4: SCA is done with Snyk

Step 5: Docker image is built and pushed to DockerHub

Step 6: The application is deployed to the Kubernetes Cluster

Step 7: DAST scan is performed on the application URL with OSWAP ZAP

Step 8: You can find the reports of the SCA scan in the Code Scanning tab, and an artefact is created after a ZAP scan