add devsecops-pipeline workflow (#9)

* add devsecops_pipeline.py

* add devsecops-pipeline workflow

* replace sonarqube with bandit

.github/workflows/devsecops-pipeline.yml

@@ -0,0 +1,30 @@
+name: DevSecOps Pipeline
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  security-checks:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout Code
+      uses: actions/checkout@v2
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.x'
+
+    - name: Install Dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install bandit safety truffleHog pylint
+
+    - name: Run DevSecOps Pipeline
+      run: python devsecops_pipeline.py

devsecops_pipeline.py

@@ -12,10 +12,10 @@ def run_command(command, cwd=None):
         sys.exit(result.returncode)
     return result.stdout
 
-# Static Code Analysis and Code Coverage (using SonarQube)
-def run_sonarqube_analysis(path):
-    print("Running SonarQube for static code analysis and code coverage...")
-    run_command(f"sonar-scanner -Dsonar.projectBaseDir={path}")
+# Static Code Analysis (using Bandit)
+def run_bandit(path):
+    print("Running Bandit for static code analysis...")
+    run_command(f"bandit -r {path}")
 
 # Dependency Checking (using Safety)
 def run_safety():
@@ -41,8 +41,8 @@ def run_pylint(path):
 def main():
     project_path = os.getcwd()
 
-    # Static Analysis and Code Coverage with SonarQube
-    run_sonarqube_analysis(project_path)
+    # Static Analysis
+    run_bandit(project_path)
 
     # Dependency Checking
     run_safety()
@@ -54,7 +54,7 @@ def main():
     terraform_path = os.path.join(project_path, 'terraform')
     if os.path.exists(terraform_path):
         run_terraform_scan(terraform_path)
-
+    
     # Linting
     run_pylint(project_path)