# Enterprise-Grade GitHub CI Orchestrator - Security, Governance & DevOps Standardization
A comprehensive CI/CD orchestrator written in Go that enforces enterprise standards while maintaining flexibility for diverse development workflows. Built with security-first principles and complete compliance reporting.
Sky Genesis Enterprise CI is a comprehensive GitHub Action written in Go that provides enterprise-grade CI/CD pipeline orchestration with built-in security scanning, governance enforcement, and compliance reporting. Designed for professional teams and enterprises that need standardized, secure, and auditable CI/CD processes.
- Security-First Design - Built-in vulnerability scanning and secret detection
- Governance Enforcement - Automated policy compliance and standards enforcement
- Language-Aware CI - Intelligent pipeline adaptation for different programming languages
- Enterprise Reporting - Comprehensive compliance reports with SARIF integration
- Minimal Permissions - Principle of least privilege with transparent operations
- Marketplace Ready - GitHub Marketplace compatible with enterprise standards
Production Ready: Complete Go implementation with security scanning, governance checks, and compliance reporting.
- Complete Go Application - Enterprise CI binary with modular architecture
- Security Module - Dependency vulnerability scanning with govulncheck, npm audit, safety, pip-audit
- Secret Detection System - Advanced pattern matching for API keys, tokens, credentials
- Governance Enforcement - Branch naming, commit format, version compliance checks
- Language-Aware CI - Go, JavaScript/TypeScript, Python, Java, C#, Ruby support
- Compliance Reporting - JSON reports, SARIF security reports, human-readable summaries
- Enterprise Configuration - Comprehensive `.enterprise-ci.yml` with environment overrides
- GitHub Integration - SARIF uploads, artifacts export, status checks
- Docker Support - Multi-stage Dockerfile for containerized deployment
- Docker Package Management - Automated Docker image building and publishing
- Modular Architecture - Clean separation with orchestrator, security, governance, compliance modules
- Multi-Language Support - Auto-detection and language-specific tool integration
- Enterprise Policies - Configurable strict/relaxed modes with customizable thresholds
- Security Scoring - Comprehensive scoring system with critical issue tracking
- Governance Scoring - Policy compliance metrics with detailed violation reporting
- Performance Optimization - Parallel execution, caching, timeout management
- Debug Capabilities - Comprehensive logging and troubleshooting features
- Docker Multi-Platform Support - Build for linux/amd64 and linux/arm64
- GitHub Security Tab - SARIF report integration
- GitHub Advanced Security - Enterprise security features
- CI/CD Pipelines - Seamless integration with existing workflows
- Enterprise Monitoring - Audit trails and compliance documentation
- Multi-Environment Support - Development, staging, production configurations
- Container Registry Integration - Automated Docker image publishing
- GitHub Repository - Public or private repository
- GitHub Actions - Enabled for your repository
- Basic CI/CD Knowledge - Understanding of workflows and pipelines
1. Add to your workflow

```yaml
name: Sky Genesis Enterprise CI
on: [push, pull_request]
jobs:
  enterprise-ci:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - name: Run Sky Genesis Enterprise CI
        uses: skygenesisenterprise/enterprise-action@v1
        with:
          mode: strict
          security-scan: true
          governance-checks: true
```

The `@v1` reference is a mutable tag; GitHub's hardening guidance recommends pinning third-party actions to a full commit SHA so that the code your workflow runs cannot change underneath it.

2. Create configuration file

```yaml
# .enterprise-ci.yml
mode: strict
language: auto
security:
  enabled: true
  secret_scan: true
  fail_on_critical: true
governance:
  enabled: true
  branch_policies:
    allowed_patterns:
      - "main"
      - "feature/.*"
      - "hotfix/.*"
  commit_policies:
    allowed_patterns:
      - "^(feat|fix|docs|style|refactor|test|chore)(\\(.+\\))?: .+"
compliance:
  reports: true
  export_artifacts: true
  thresholds:
    min_security_score: 80
    min_governance_score: 80
```

3. Run your first pipeline

Commit and push to see Sky Genesis Enterprise CI in action!
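As an added illustration (not the project's own code) of how the governance policies in the configuration above are applied, the Go program below anchors each `allowed_patterns` entry, checks a branch name and commit subjects against them, and also enforces `require_semver` from the full configuration shown later in this README. The `Policy` and `Violation` types, the `Evaluate` function and the semver expression are assumptions of this example, not the action's API.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Policy mirrors the governance allowed_patterns lists and require_semver; the field names are assumed.
type Policy struct {
	BranchPatterns, CommitPatterns []string
	RequireSemver                  bool
}

// Violation is one failed check; Kind follows the report's *_violations counter names.
type Violation struct{ Kind, Subject, Reason string }

// semverRe accepts MAJOR.MINOR.PATCH with optional pre-release/build metadata (constructed here).
var semverRe = regexp.MustCompile(
	`^v?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$`)

// matchesAny wraps each pattern in ^(?:...)$ so "main" cannot match "maintenance" and "feature/.*" must cover the whole name.
func matchesAny(patterns []string, s string) (bool, error) {
	for _, p := range patterns {
		re, err := regexp.Compile("^(?:" + p + ")$")
		if err != nil {
			return false, fmt.Errorf("invalid allowed_patterns entry %q: %w", p, err)
		}
		if re.MatchString(s) {
			return true, nil
		}
	}
	return false, nil
}

// Evaluate checks the branch, each commit's subject line and the version string; an empty result means compliant.
func Evaluate(pol Policy, branch string, commits []string, version string) ([]Violation, error) {
	var out []Violation
	ok, err := matchesAny(pol.BranchPatterns, branch)
	if err != nil {
		return nil, err
	}
	if !ok {
		out = append(out, Violation{"branch", branch, "not in branch_policies.allowed_patterns"})
	}
	for _, c := range commits {
		subject := strings.SplitN(c, "\n", 2)[0] // the commit body is not validated
		if ok, err := matchesAny(pol.CommitPatterns, subject); err != nil {
			return nil, err
		} else if !ok {
			out = append(out, Violation{"commit", subject, "not in commit_policies.allowed_patterns"})
		}
	}
	if pol.RequireSemver && !semverRe.MatchString(version) {
		out = append(out, Violation{"version", version, "require_semver: not a semantic version"})
	}
	return out, nil
}

func main() {
	pol := Policy{BranchPatterns: []string{"main", "feature/.*", "hotfix/.*"}, RequireSemver: true,
		CommitPatterns: []string{`^(feat|fix|docs|style|refactor|test|chore)(\(.+\))?: .+`}}
	// Constructed sample: the branch, the second commit and the version all violate the policy.
	fmt.Println(Evaluate(pol, "maintenance", []string{"feat(auth): add login", "fixed stuff"}, "1.2"))
}
```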
Once running, you can access:
- Pipeline Results: GitHub Actions workflow logs
- Security Reports: GitHub Security tab (SARIF integration)
- Compliance Artifacts: GitHub Actions artifacts download
- Status Checks: Pull request and commit status checks
- Docker Images: Container registry (if Docker publishing enabled)
```yaml
# Basic security focus
- name: Security Scan
  uses: skygenesisenterprise/enterprise-action@v1
  with:
    mode: strict
    security-scan: true
    secret-scan: true
    governance-checks: false

# Governance focus
- name: Governance Check
  uses: skygenesisenterprise/enterprise-action@v1
  with:
    mode: strict
    security-scan: false
    governance-checks: true

# Full enterprise compliance
- name: Enterprise Compliance
  uses: skygenesisenterprise/enterprise-action@v1
  with:
    mode: strict
    security-scan: true
    governance-checks: true
    compliance-report: true
    artifact-export: true
```

```
Sky Genesis Enterprise CI v1.0.0
├── Go 1.21+ (Core Implementation)
├── GitHub Action (Distribution)
├── Docker Support (Containerization)
├── Docker Package Management (Multi-platform builds)
├── Security Tools Integration
│   ├── govulncheck (Go vulnerabilities)
│   ├── npm audit (Node.js dependencies)
│   ├── safety (Python packages)
│   └── pip-audit (Python security)
├── Governance Engine
│   ├── Branch Policy Enforcement
│   ├── Commit Message Validation
│   ├── Semantic Versioning Checks
│   └── Repository Standards
├── Reporting System
│   ├── JSON Compliance Reports
│   ├── SARIF Security Reports
│   ├── Human-Readable Summaries
│   └── GitHub Artifacts Export
└── Configuration Management
    ├── YAML Configuration Parser
    ├── Environment-Specific Overrides
    └── Default Policy Templates
```
```
Security Scanning Architecture
├── Dependency Vulnerability Scanning
│   ├── Go Modules (govulncheck)
│   ├── npm Packages (npm audit)
│   ├── Python Packages (safety, pip-audit)
│   ├── Java Dependencies (Maven/Gradle)
│   └── C# Packages (NuGet)
├── Secret Detection
│   ├── API Keys Pattern Matching
│   ├── Token Detection
│   ├── Credential Scanning
│   └── Custom Pattern Support
├── Security Scoring
│   ├── Critical Issue Tracking
│   ├── Vulnerability Classification
│   ├── Risk Assessment
│   └── Trend Analysis
└── SARIF Integration
    ├── GitHub Security Tab
    ├── Advanced Security
    ├── Third-party Tools
    └── Compliance Reporting
```
```
Governance Enforcement System
├── Branch Naming Policies
│   ├── Pattern Validation
│   ├── Exempt Branches
│   ├── Custom Rules
│   └── Team Conventions
├── Commit Message Standards
│   ├── Conventional Commits
│   ├── Custom Patterns
│   ├── Merge Commit Handling
│   └── Validation Rules
├── Version Compliance
│   ├── Semantic Versioning
│   ├── Pre-release Support
│   ├── Version File Detection
│   └── Format Validation
├── File Policies
│   ├── Prohibited Patterns
│   ├── Size Limits
│   ├── Required Files
│   └── Language Standards
└── Repository Standards
    ├── License Requirements
    ├── Documentation Standards
    ├── .gitignore Validation
    └── Security Files
```
```
Docker Build & Publish System
├── Multi-Platform Builds
│   ├── linux/amd64 (Intel/AMD)
│   ├── linux/arm64 (ARM64)
│   └── Platform-specific optimizations
├── Container Registry Integration
│   ├── GitHub Container Registry (ghcr.io)
│   ├── Docker Hub
│   └── Custom registries
├── Security Scanning
│   ├── Trivy vulnerability scanning
│   ├── SARIF report generation
│   └── GitHub Security integration
├── Resource Management
│   ├── Image cleanup
│   ├── Build cache management
│   └── Storage optimization
└── Automated Workflows
    ├── Release triggers
    ├── Version tagging
    └── Rollback capabilities
```
```
enterprise-action/
├── action.yml                   # GitHub Action metadata
├── Dockerfile                   # Multi-stage Docker build
├── README.md                    # Comprehensive documentation
├── LICENSE                      # MIT license
├── go.mod                       # Go module definition
├── go.sum                       # Go dependencies checksum
├── .enterprise-ci.yml           # Example configuration
├── cmd/                         # Command-line interface
│   └── enterprise-ci/
│       └── main.go              # Main application entry point
├── app/                         # Core application modules
│   ├── config/                  # Configuration management
│   │   └── config.go
│   ├── core/                    # Core orchestration logic
│   │   └── engine.go
│   ├── docker/                  # Docker integration
│   │   └── builder.go           # Docker package management
│   ├── logging/                 # Logging system
│   │   └── github.go
│   └── modules/                 # Feature modules
│       ├── governance/
│       │   └── module.go
│       ├── security/
│       │   └── module.go
│       └── registry.go
├── pkg/                         # Public packages
│   ├── interfaces/              # Interface definitions
│   │   └── module.go
│   └── types/                   # Type definitions
│       └── common.go
├── docs/                        # Documentation and guides
│   ├── security.md              # Security configuration guide
│   ├── governance.md            # Governance configuration guide
│   └── examples/                # Language-specific examples
│       ├── go-project.md        # Go project example
│       └── governance.md        # Governance example
├── .github/                     # GitHub-specific files
│   ├── ISSUE_TEMPLATE/          # Issue templates
│   ├── workflows/               # Development workflows
│   │   └── release.yml          # Release workflow with Docker builds
│   └── PULL_REQUEST_TEMPLATE.md # PR template
└── build-and-push.sh            # Docker build script
```
```
┌────────────────────┐     ┌────────────────────┐     ┌────────────────────┐
│   GitHub Action    │     │   Go Application   │     │   Security Scan    │
│   (Entry Point)    │────►│    (Main Logic)    │────►│  (Vulnerabilities) │
│     action.yml     │     │    cmd/main.go     │     │  security/module   │
└────────────────────┘     └────────────────────┘     └────────────────────┘
          │                          │                          │
          ▼                          ▼                          ▼
    Configuration           Language Detection          Secret Detection
     Validation                CI Execution             Score Calculation
          │                          │                          │
          ▼                          ▼                          ▼
┌────────────────────┐     ┌────────────────────┐     ┌────────────────────┐
│  Governance Check  │     │     Compliance     │     │   Reports Export   │
│(Policy Enforcement)│────►│    (Score Calc)    │────►│    (Artifacts)     │
│ governance/module  │     │ compliance/module  │     │  GitHub Artifacts  │
└────────────────────┘     └────────────────────┘     └────────────────────┘
          │                          │                          │
          ▼                          ▼                          ▼
┌────────────────────┐     ┌────────────────────┐     ┌────────────────────┐
│    Docker Build    │     │   Docker Publish   │     │   Security Scan    │
│  (Multi-platform)  │────►│  (Registry Push)   │────►│    (Trivy Scan)    │
│   docker/builder   │     │   docker/builder   │     │   docker/builder   │
└────────────────────┘     └────────────────────┘     └────────────────────┘
```
```
Input Processing
├── Configuration Parsing (.enterprise-ci.yml)
├── Language Detection (auto or explicit)
├── Environment Analysis (GitHub context)
└── Policy Loading (defaults + overrides)

Security Processing
├── Dependency Scanning (language-specific tools)
├── Secret Detection (pattern matching)
├── Vulnerability Classification (critical/high/medium/low)
└── Risk Assessment (scoring algorithm)

Governance Processing
├── Branch Validation (naming patterns)
├── Commit Validation (message format)
├── Version Validation (semantic versioning)
├── File Validation (policies and requirements)
└── Repository Validation (standards compliance)

Docker Processing
├── Multi-Platform Build (amd64/arm64)
├── Registry Publishing (ghcr.io, Docker Hub)
├── Image Security Scanning (Trivy)
├── Resource Cleanup (cache, old images)
└── Automated Release (versioning, tagging)

Compliance Processing
├── Score Calculation (security + governance)
├── Report Generation (JSON + SARIF + summary)
├── Artifact Export (GitHub artifacts)
├── Docker Image Export (container registry)
└── Status Reporting (GitHub checks)
```
- [x] Go Application Core - Complete pipeline orchestration in Go
- [x] Security Module - Dependency scanning and secret detection
- [x] Governance Module - Policy enforcement and compliance checks
- [x] Compliance Module - Reporting and artifact export
- [x] Language Support - Go, JavaScript/TypeScript, Python, Java, C#, Ruby
- [x] Configuration System - Comprehensive YAML configuration
- [x] GitHub Integration - SARIF uploads and status checks
- [x] Docker Support - Multi-stage Dockerfile for containerization
- [x] Docker Package Management - Automated multi-platform builds
- [x] Documentation - Complete guides and examples
- [ ] Advanced Security - OWASP dependency check integration
- [ ] Custom Policies - User-defined governance rules
- [ ] Performance Optimization - Caching and parallel execution
- [ ] Extended Language Support - Rust, PHP, Swift, Kotlin
- [ ] Integration Templates - Pre-built workflow templates
- [ ] Monitoring Dashboard - Real-time compliance metrics
- [ ] Enhanced Docker Features - Custom base images, build caching
- [ ] SLA Integration - Service level agreement monitoring
- [ ] Multi-Repo Support - Organization-wide governance
- [ ] Advanced Reporting - Custom report templates
- [ ] API Access - RESTful API for integration
- [ ] Webhook Support - Real-time notifications
- [ ] Role-Based Access - Team-specific policies
- [ ] Container Registry Integration - Multiple registry support
- [ ] Cloud Provider Support - AWS, Azure, GCP integration
- [ ] Kubernetes Support - Native K8s deployment
- [ ] Enterprise SSO - SAML/OIDC authentication
- [ ] Compliance Frameworks - SOC 2, ISO 27001, PCI DSS
- [ ] Advanced Analytics - ML-powered insights
- [ ] Marketplace Expansion - Additional platform support
```yaml
# .enterprise-ci.yml
language: go
go:
  build:
    flags: ["-v", "-race"]
  test:
    flags: ["-v", "-race", "-cover"]
    coverage_threshold: 85
  lint:
    go_vet: true
    gofmt_check: true
security:
  tools:
    go:
      govulncheck: true
governance:
  branch_policies:
    allowed_patterns:
      - "main"
      - "develop"
      - "feature/.*"
compliance:
  thresholds:
    min_security_score: 90
```

```yaml
# .enterprise-ci.yml
language: typescript
javascript:
  build:
    script: "build"
    production: true
  test:
    script: "test"
    coverage: true
  lint:
    script: "lint"
    eslint: true
    prettier: true
security:
  tools:
    javascript:
      npm_audit: true
      yarn_audit: true
compliance:
  thresholds:
    min_security_score: 85
```

```yaml
# .enterprise-ci.yml
language: python
python:
  venv:
    create: true
    version: "3"
  test:
    framework: "pytest"
    coverage: true
  lint:
    flake8: true
    black: true
security:
  tools:
    python:
      safety: true
      pip_audit: true
```

```yaml
# .enterprise-ci.yml
mode: strict
language: auto
security:
  enabled: true
  fail_on_critical: true
  secret_scan: true
  tools:
    go:
      govulncheck: true
    javascript:
      npm_audit: true
    python:
      safety: true
      pip_audit: true
governance:
  enabled: true
  branch_policies:
    allowed_patterns:
      - "main"
      - "master"
      - "develop"
      - "feature/.*"
      - "hotfix/.*"
      - "release/.*"
  commit_policies:
    allowed_patterns:
      - "^(feat|fix|docs|style|refactor|test|chore)(\\(.+\\))?: .+"
  version_policies:
    require_semver: true
  repository_policies:
    required_files:
      - "LICENSE"
      - "README.md"
      - ".gitignore"
      - "SECURITY.md"
compliance:
  reports: true
  export_artifacts: true
  thresholds:
    min_security_score: 85
    min_governance_score: 90
    max_critical_issues: 0
environments:
  production:
    mode: "strict"
    compliance:
      thresholds:
        min_security_score: 95
        min_governance_score: 95
```

```yaml
# .github/workflows/release.yml
name: Release
on:
  push:
    tags:
      - 'v*'
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
jobs:
  build-and-publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.21'
      - name: Build Go binary
        run: |
          go build -o enterprise-ci ./cmd/enterprise-ci
      - name: Build and publish Docker images
        env:
          VERSION: ${{ github.ref_name }}
        run: |
          # Use the Docker builder from app/docker/builder.go
          go run ./cmd/enterprise-ci docker build --publish
```

Because this job pushes images to ghcr.io with the workflow token, it also needs `packages: write` in its `permissions` block (listed under the recommended permissions below).

Sky Genesis Enterprise CI follows the principle of least privilege:

```yaml
# Recommended permissions
permissions:
  contents: read          # Access repository contents
  actions: read           # Read workflow information
  security-events: write  # Upload SARIF reports
  pull-requests: write    # Set status checks
  packages: write         # Publish Docker packages (if needed)
```

- No External Network Calls - Except for package manager operations
- No Hardcoded Credentials - All secrets handled via GitHub context
- Minimal Dependencies - Reduced attack surface with Go implementation
- Auditable Code - Transparent operations with comprehensive logging
- Secure File Handling - Proper temporary file cleanup
- Input Validation - All inputs validated and sanitized
- Docker Security - Multi-stage builds, minimal base images, vulnerability scanning
- SOC 2 Compliance - Security monitoring and vulnerability management
- ISO 27001 - Information security management systems
- PCI DSS - Payment card industry security standards
- GDPR - Data protection and privacy compliance
Sky Genesis Enterprise CI generates comprehensive reports:
```json
{
  "compliance": {
    "version": "1.0.0",
    "timestamp": "2025-01-20T10:00:00Z",
    "results": {
      "status": "success",
      "security_score": 92,
      "governance_score": 88,
      "critical_issues": 0,
      "warnings": 3
    },
    "security": {
      "vulnerabilities": 2,
      "critical_vulnerabilities": 0,
      "secrets_detected": 0
    },
    "governance": {
      "branch_violations": 0,
      "commit_violations": 1,
      "version_violations": 0
    },
    "docker": {
      "images_built": 2,
      "images_published": 2,
      "security_scan_passed": true
    }
  }
}
```

```json
{
  "$schema": "https://json.schemastore.org/sarif-2.1.0",
  "version": "2.1.0",
  "runs": [{
    "tool": {
      "driver": {
        "name": "Sky Genesis Enterprise CI Security Scanner",
        "version": "1.0.0"
      }
    },
    "results": [
      // Security findings in SARIF format
    ]
  }]
}
```

- Security Tab Integration - SARIF reports appear in GitHub Security
- Status Checks - Real-time status updates on commits and PRs
- Artifact Export - Downloadable reports for audit trails
- Pull Request Comments - Automated comments with findings summary
- Docker Registry Integration - Automated image publishing to ghcr.io
- Trend Analysis - Track security and governance scores over time
- Compliance Dashboards - Visual metrics and KPIs
- Audit Trails - Complete history of all scans and checks
- Alert Integration - Custom notifications for critical issues
- Docker Metrics - Image size, security scan results, build performance
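The following Go program is an added example, not the project's code, showing how a gate would read the compliance JSON report shown above and apply `compliance.thresholds`, including an `environments.production` override that replaces only the keys it names. `Report`, `Thresholds`, `Merge` and `Gate` are names assumed for this example, and the embedded report is constructed to carry the same scores as the one above.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Report holds the parts of the compliance JSON report that the gate reads.
type Report struct {
	Compliance struct {
		Results struct {
			SecurityScore   int `json:"security_score"`
			GovernanceScore int `json:"governance_score"`
			CriticalIssues  int `json:"critical_issues"`
		} `json:"results"`
	} `json:"compliance"`
}

// Thresholds mirrors compliance.thresholds; a nil field means the key is not set.
type Thresholds struct {
	MinSecurityScore, MinGovernanceScore, MaxCriticalIssues *int
}

func intp(i int) *int { return &i }

// Merge layers an environments.<name> threshold block over the top-level one, replacing only the keys it names.
func Merge(base, o Thresholds) Thresholds {
	if o.MinSecurityScore != nil {
		base.MinSecurityScore = o.MinSecurityScore
	}
	if o.MinGovernanceScore != nil {
		base.MinGovernanceScore = o.MinGovernanceScore
	}
	if o.MaxCriticalIssues != nil {
		base.MaxCriticalIssues = o.MaxCriticalIssues
	}
	return base
}

// Gate parses a report and returns one message per failed threshold (empty means the run may pass).
func Gate(reportJSON []byte, t Thresholds) ([]string, error) {
	var r Report
	if err := json.Unmarshal(reportJSON, &r); err != nil {
		return nil, fmt.Errorf("parse compliance report: %w", err)
	}
	res, fails := r.Compliance.Results, []string{}
	if t.MinSecurityScore != nil && res.SecurityScore < *t.MinSecurityScore {
		fails = append(fails, fmt.Sprintf("security_score %d < min_security_score %d", res.SecurityScore, *t.MinSecurityScore))
	}
	if t.MinGovernanceScore != nil && res.GovernanceScore < *t.MinGovernanceScore {
		fails = append(fails, fmt.Sprintf("governance_score %d < min_governance_score %d", res.GovernanceScore, *t.MinGovernanceScore))
	}
	if t.MaxCriticalIssues != nil && res.CriticalIssues > *t.MaxCriticalIssues {
		fails = append(fails, fmt.Sprintf("critical_issues %d > max_critical_issues %d", res.CriticalIssues, *t.MaxCriticalIssues))
	}
	return fails, nil
}

// sampleReport is constructed to carry the same scores as the report shown above (92 / 88 / 0).
const sampleReport = `{"compliance":{"results":{"status":"success","security_score":92,"governance_score":88,"critical_issues":0}}}`

func main() {
	// Top-level thresholds (85 / 90 / 0) overridden by environments.production (95 / 95).
	prod := Merge(Thresholds{intp(85), intp(90), intp(0)}, Thresholds{intp(95), intp(95), nil})
	fmt.Println(Gate([]byte(sampleReport), prod)) // both scores fall below 95; max_critical_issues is inherited
}
```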
We're looking for contributors to help enhance this enterprise CI/CD orchestrator! Whether you're experienced with DevOps, security, or governance automation, there's a place for you.
- Fork the repository and create a feature branch
- Check the issues for tasks that need help
- Join discussions about architecture and features
- Start small - Documentation, tests, or minor features
- Follow our code standards and commit guidelines
- Go Developers - Core application development and optimization
- Security Experts - Additional vulnerability scanners, threat detection
- DevOps Engineers - Cloud provider integrations, Kubernetes support
- Docker Experts - Container optimization, multi-platform builds
- Governance Specialists - Policy templates, compliance frameworks
- Language Experts - Extended language support and tool integration
- Documentation Writers - Guides, tutorials, best practices
- QA Engineers - Test suites, validation, performance testing
- Choose an issue or create a new one with your proposal
- Create a branch with a descriptive name
- Implement your changes following our guidelines
- Test thoroughly in various environments
- Submit a pull request with clear description
- Address feedback from maintainers and community
- Documentation - Comprehensive guides and API docs
- GitHub Issues - Bug reports and feature requests
- GitHub Discussions - General questions and ideas
- Email - support@skygenesisenterprise.com
When reporting bugs, please include:
- Clear description of the problem
- Steps to reproduce
- Configuration file (`.enterprise-ci.yml`)
- Environment information (GitHub context, language)
- Error logs or screenshots
- Expected vs actual behavior
- Security Configuration Guide - Detailed security setup
- Governance Configuration Guide - Policy enforcement guide
- Docker Configuration Guide - Container and registry setup
- Language Examples - Project-specific configurations
- Troubleshooting Guide - Common issues and solutions
| Component | Status | Notes |
|---|---|---|
| Go Application Core | Working | Complete pipeline logic in Go |
| Security Module | Working | Vulnerability scanning + secret detection |
| Governance Module | Working | Policy enforcement + compliance |
| Compliance Module | Working | JSON/SARIF reports + artifacts |
| Language Support | Working | Go, JS/TS, Python, Java, C#, Ruby |
| Configuration System | Working | YAML config + environment overrides |
| GitHub Integration | Working | SARIF uploads + status checks |
| Docker Support | Working | Multi-stage Dockerfile |
| Docker Package Management | Working | Multi-platform builds + publishing |
| Documentation | Working | Complete guides + examples |
| Testing Suite | Planned | Unit and integration tests |
| Advanced Security | Planned | OWASP integration + custom policies |
| Cloud Integration | Planned | AWS, Azure, GCP support |
Development led by Sky Genesis Enterprise
We're looking for sponsors and partners to help accelerate development of this open-source enterprise CI/CD orchestrator.
This project is licensed under the MIT License - see the LICENSE file for details.
MIT License
Copyright (c) 2025 Sky Genesis Enterprise
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
- Sky Genesis Enterprise - Project leadership and development
- GitHub Actions Team - Excellent CI/CD platform
- Go Community - Excellent language and ecosystem
- Docker Community - Container platform and tools
- Security Community - Vulnerability scanning tools and best practices
- Open Source Contributors - Tools, libraries, and inspiration
- Enterprise Users - Feedback and requirements gathering
- DevOps Community - Standards, patterns, and methodologies
Production Ready - Sky Genesis Enterprise CI v1.0.0!
Built with Go, Docker, and ❤️ by the Sky Genesis Enterprise team
Building enterprise-grade CI/CD orchestration with security, governance, compliance, and container management