Merge branch 'main' into meleksabit-patch-6
Showing
1 changed file
with
64 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
import os | ||
import subprocess | ||
import sys | ||
|
||
# Helper function to run shell commands | ||
def run_command(command, cwd=None): | ||
result = subprocess.run(command, shell=True, cwd=cwd, text=True, capture_output=True) | ||
if result.returncode != 0: | ||
print(f"Error: Command '{command}' failed with exit code {result.returncode}") | ||
print(result.stdout) | ||
print(result.stderr) | ||
sys.exit(result.returncode) | ||
return result.stdout | ||
|
||
# Static Code Analysis and Code Coverage (using SonarQube) | ||
def run_sonarqube_analysis(path): | ||
print("Running SonarQube for static code analysis and code coverage...") | ||
run_command(f"sonar-scanner -Dsonar.projectBaseDir={path}") | ||
|
||
# Dependency Checking (using Safety) | ||
def run_safety(): | ||
print("Running Safety for dependency checking...") | ||
run_command("safety check --full-report") | ||
|
||
# Secret Scanning (using TruffleHog) | ||
def run_trufflehog(path): | ||
print("Running TruffleHog for secret scanning...") | ||
run_command(f"trufflehog {path}") | ||
|
||
# Infrastructure as Code Scanning (using Terraform and Snyk) | ||
def run_terraform_scan(path): | ||
print("Running Snyk for Terraform IaC scanning...") | ||
run_command(f"snyk iac test {path}") | ||
|
||
# Code Coverage and Linting (using Pylint) | ||
def run_pylint(path): | ||
print("Running Pylint for code linting...") | ||
run_command(f"pylint {path}") | ||
|
||
# Main function to orchestrate the DevSecOps pipeline | ||
def main(): | ||
project_path = os.getcwd() | ||
|
||
# Static Analysis and Code Coverage with SonarQube | ||
run_sonarqube_analysis(project_path) | ||
|
||
# Dependency Checking | ||
run_safety() | ||
|
||
# Secret Scanning | ||
run_trufflehog(project_path) | ||
|
||
# Terraform IaC Scanning | ||
terraform_path = os.path.join(project_path, 'terraform') | ||
if os.path.exists(terraform_path): | ||
run_terraform_scan(terraform_path) | ||
|
||
# Linting | ||
run_pylint(project_path) | ||
|
||
print("DevSecOps pipeline completed successfully!") | ||
|
||
if __name__ == "__main__": | ||
main() |
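Review bot: `run_command` hands an f-string containing the working-directory path to `subprocess.run(..., shell=True)`, so a checkout path with spaces or shell metacharacters is split or interpreted by the shell. Passing argument lists avoids that, e.g. `run_command(["pylint", path])` with `subprocess.run(command, cwd=cwd, text=True, capture_output=True)`. Every caller also discards the returned stdout, so a scanner that reports findings but exits 0 leaves nothing in the CI log; printing `result.stdout` on the success path would keep those findings visible. Because `sys.exit` fires on the first non-zero exit, a failing SonarQube or Safety step means the secret scan and the IaC scan never run; collecting the exit codes and exiting once at the end of `main` would give a complete report per run.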