
DevSecOps Pipeline ensures secure, automated, and continuously monitored CI/CD processes on GCloud. It integrates security by design, leverages automation through Jenkins and Docker, and employs continuous monitoring with Prometheus and Grafana to maintain application and infrastructure health.

vsingh55/DevSecOps-Pipeline

CI/CD with Built-in Security and Automation

A security-centric CI/CD pipeline integrating cutting-edge tools and practices to ensure robust code quality, vulnerability scanning, artifact publishing, secure Kubernetes deployment, and continuous monitoring.

Introduction

This CI/CD pipeline is built on the principles of security, automation, and continuous monitoring to deliver a seamless and secure development and deployment experience.

  • Security by Design: Security considerations are integrated into every stage of the development and deployment process.
  • Automation: The pipeline leverages automation to improve efficiency and security and to reduce human error.
  • Continuous Monitoring: Systems and applications are continuously monitored to detect issues and anomalies promptly.

Architecture

[Architecture diagram: arch-withGCP-TF (ArchitectureDiag drawio); image not reproduced here]

Technologies Used

  • Kubernetes: Container orchestration platform.
  • Jenkins: CI/CD automation server.
  • SonarQube: Code quality and static analysis.
  • Aqua Trivy: Vulnerability scanning for code and container images.
  • Nexus Repository: Artifact repository for secure storage.
  • Docker: Containerization technology.
  • Docker Hub: Docker image registry.
  • Kubeaudit: Tool to audit Kubernetes clusters for various security concerns.
  • Grafana: System and application-level monitoring and alerting.
  • Prometheus: Collecting and querying metrics from services and endpoints.
  • Gmail: Status notifications and alerts.

Features

Project Structure

  • terraform/: Terraform configuration files.
  • ModularizedTerraformInfra/: Modular Terraform code for provisioning infra.
  • scripts/: Deployment and automation scripts used with Terraform to automate provisioning and set up the tools.
  • Jenkinsfile: Declarative Jenkins pipeline definition.

Workflow

Development

  • Developers create feature branches and push code to GitHub.

CI/CD Pipeline Trigger

  • Code changes trigger the Jenkins CI/CD pipeline.

Build and Unit Testing

  • [Build tool] compiles the code and executes unit tests.

Code Quality and Security

  • SonarQube performs code quality analysis.
  • Aqua Trivy scans for vulnerabilities in code dependencies.

Artifact Creation

  • A build artifact (e.g., JAR, WAR) is generated.

Artifact Publishing

  • The artifact is pushed to Nexus Repository.

Container Image Build

  • Docker creates a container image using the artifact.

Image Vulnerability Scan

  • Aqua Trivy scans the image for vulnerabilities.

Deployment

  • If all checks pass, the image is deployed to Kubernetes.

Monitoring and Notifications

  • Prometheus and Grafana track system and website health.
  • Emails are sent for deployment status and critical alerts.
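The workflow above, wired together as a declarative Jenkinsfile. This is an added example, not the project's own Jenkinsfile. It assumes the Jenkins agent has trivy, docker and kubectl on its PATH; that a SonarQube server is configured in Jenkins under the name 'sonar-server' (SonarQube Scanner plugin); that credential IDs 'nexus-creds', 'dockerhub-creds' and 'k8s-kubeconfig' exist (Docker Pipeline and Kubernetes CLI plugins); and that the Email Extension plugin is installed. The build command, artifact path, image name, Nexus URL and recipient address are placeholders.

```groovy
// Added example Jenkinsfile (not the project's own). Placeholders are marked.
pipeline {
    agent any

    environment {
        IMAGE     = "EXAMPLE_DOCKERHUB_USER/example-app:${env.BUILD_NUMBER}" // placeholder image name
        NEXUS_URL = 'https://nexus.example.internal'                          // placeholder
        SEVERITY  = 'HIGH,CRITICAL'   // Trivy findings at these severities block the pipeline
    }

    stages {
        stage('Build and Unit Test') {
            steps {
                sh './build.sh'   // placeholder for the project's build tool; produces the artifact
            }
        }

        stage('Code Quality (SonarQube)') {
            steps {
                withSonarQubeEnv('sonar-server') {   // assumed server name
                    sh 'sonar-scanner'               // reads sonar-project.properties
                }
            }
        }

        stage('Quality Gate') {
            steps {
                timeout(time: 10, unit: 'MINUTES') {
                    // Aborts the build if the SonarQube quality gate is red.
                    waitForQualityGate abortPipeline: true
                }
            }
        }

        stage('Dependency Scan (Trivy fs)') {
            steps {
                // --exit-code 1 turns findings at the listed severities into a failed stage.
                sh "trivy fs --severity ${SEVERITY} --exit-code 1 --no-progress ."
            }
        }

        stage('Publish Artifact (Nexus)') {
            steps {
                withCredentials([usernamePassword(credentialsId: 'nexus-creds',
                                                  usernameVariable: 'NEXUS_USER',
                                                  passwordVariable: 'NEXUS_PASS')]) {
                    // Single-quoted Groovy string: the secret is read by the shell from the
                    // environment, never interpolated into the command line Jenkins logs.
                    sh 'set +x; curl --fail -u "$NEXUS_USER:$NEXUS_PASS" ' +
                       '--upload-file target/app.jar "$NEXUS_URL/repository/releases/app.jar"' // assumed path
                }
            }
        }

        stage('Build Image') {
            steps {
                sh "docker build -t ${IMAGE} ."
            }
        }

        stage('Image Scan (Trivy image)') {
            steps {
                // Same gate for the container image: OS packages plus application libraries.
                sh "trivy image --severity ${SEVERITY} --exit-code 1 --no-progress ${IMAGE}"
            }
        }

        stage('Push Image') {
            steps {
                withDockerRegistry(credentialsId: 'dockerhub-creds', url: 'https://index.docker.io/v1/') {
                    sh "docker push ${IMAGE}"
                }
            }
        }

        stage('Deploy to Kubernetes') {
            steps {
                withKubeConfig(credentialsId: 'k8s-kubeconfig') {
                    sh "kubectl set image deployment/example-app app=${IMAGE} -n default" // assumed names
                    sh 'kubectl rollout status deployment/example-app -n default --timeout=120s'
                }
            }
        }
    }

    post {
        always {
            // Status mail on every outcome; 'mail' is the built-in alternative to emailext.
            emailext subject: "${currentBuild.currentResult}: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
                     body:    "Build ${env.BUILD_URL} finished with ${currentBuild.currentResult}.",
                     to:      'EXAMPLE_TEAM@example.com' // placeholder
        }
    }
}
```

Every security gate (quality gate, both Trivy scans) sits before the push and deploy stages, so a failed gate stops the pipeline with no image published. The scan stages use `--exit-code 1` rather than parsing output, which keeps the gate explicit and visible in the stage view.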

Screenshots

  • Deployed Website
  • Prometheus Targets
  • Grafana Dashboard (Prometheus monitoring of the Jenkins machine)
  • Blackbox Exporter
  • Notification Received (mail)
  • Pipeline Build
  • SonarQube
  • Docker Image

Contribution

Contributions to this project are welcome! If you encounter any issues or have suggestions for improvement, feel free to open an issue or submit a pull request.
