williambrady/portfolio

Portfolio

A collection of interconnected software development infrastructure projects demonstrating best practices for security scanning, infrastructure as code, and CI/CD pipelines.

Projects

| Project | Description | Tech Stack |
| --- | --- | --- |
| portfolio-code-scanner | Security scanning orchestration with 17+ tools | Python, Docker, GitHub Actions |
| portfolio-github-management | GitHub repository management via IaC | Terraform, CloudFormation |
| portfolio-template-iac | Template repository for IaC projects | Terraform, Python, GitHub Actions |
| portfolio-github-example | Demo project with intentional security findings | Python, Terraform, CloudFormation |
| portfolio-aws-org-baseline | AWS Organization security baseline | Terraform, Python, Docker |
| portfolio-aws-account-baseline | Standalone AWS account security baseline | Terraform, Python, Docker |

Architecture

portfolio-github-management
    │
    ├── Manages GitHub repos including:
    │   ├── portfolio-code-scanner
    │   ├── portfolio-template-iac
    │   ├── portfolio-github-example
    │   ├── portfolio-aws-org-baseline
    │   └── portfolio-aws-account-baseline
    │
portfolio-code-scanner
    │
    └── Published to GHCR, consumed by:
        ├── portfolio-template-iac (via .github/workflows/sast.yml)
        ├── portfolio-github-example (via .github/workflows/sast.yml)
        ├── portfolio-aws-org-baseline (via .github/workflows/sast.yml)
        └── portfolio-aws-account-baseline (via .github/workflows/sast.yml)

portfolio-template-iac
    │
    └── Template for new IaC projects with:
        ├── Security scanning workflows
        ├── Pre-commit hooks
        └── Terraform scaffolding

portfolio-aws-org-baseline
    │
    └── Bootstraps AWS Organizations with:
        ├── Organization structure (OUs, shared accounts)
        ├── Security services (CloudTrail, Config, Security Hub, Inspector, GuardDuty)
        ├── Control Tower integration
        └── Multi-region deployment (17 regions)

portfolio-aws-account-baseline
    │
    └── Secures standalone AWS accounts with:
        ├── Security controls (Config, CloudTrail, Security Hub, Inspector)
        ├── Organization-aware (skips org-managed services)
        └── Multi-region deployment (17 regions)

Key Patterns

Configuration-Driven Design

Both portfolio-code-scanner and portfolio-github-management use YAML configuration to separate policy from code:

  • portfolio-code-scanner: config.yaml controls scanner enablement, severity thresholds, and exclusions
  • portfolio-github-management: repositories.yaml defines repository settings with defaults and per-repo overrides
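As an added illustration of the policy-from-code split described for portfolio-code-scanner (example code written for this README, not the project's own, and the config keys `scanners`, `severity_threshold` and `exclusions` are assumed rather than taken from its real config.yaml): the policy lives in data, and a small gate function decides which findings block the pipeline.

```python
import fnmatch

# Constructed stand-in for a parsed config.yaml. The key names are assumed for
# this example; they are not the schema used by portfolio-code-scanner.
CONFIG = {
    "scanners": {
        "bandit": {"enabled": True},
        "semgrep": {"enabled": True},
        "trivy": {"enabled": False},       # disabled scanner: its findings are ignored
    },
    "severity_threshold": "HIGH",          # findings at or above this level fail the run
    "exclusions": ["tests/**", "vendor/**"],  # glob patterns for paths to skip
}

SEVERITY_ORDER = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}

# Constructed sample findings, as a scanner orchestrator might normalise them.
FINDINGS = [
    {"scanner": "bandit", "path": "app/main.py", "severity": "HIGH", "rule": "example-rule-1"},
    {"scanner": "bandit", "path": "tests/test_main.py", "severity": "HIGH", "rule": "example-rule-2"},
    {"scanner": "semgrep", "path": "app/db.py", "severity": "MEDIUM", "rule": "example-rule-3"},
    {"scanner": "trivy", "path": "Dockerfile", "severity": "CRITICAL", "rule": "example-rule-4"},
]


def scanner_enabled(config, scanner):
    """True when the named scanner is switched on in the config."""
    return config["scanners"].get(scanner, {}).get("enabled", False)


def is_excluded(config, path):
    """True when the path matches any exclusion glob."""
    return any(fnmatch.fnmatch(path, pattern) for pattern in config["exclusions"])


def gate_findings(config, findings):
    """Return only the findings that should fail the pipeline under this policy."""
    threshold = SEVERITY_ORDER[config["severity_threshold"].upper()]
    blocking = []
    for finding in findings:
        if not scanner_enabled(config, finding["scanner"]):
            continue                                   # scanner disabled by policy
        if is_excluded(config, finding["path"]):
            continue                                   # path excluded by policy
        if SEVERITY_ORDER.get(finding["severity"].upper(), -1) < threshold:
            continue                                   # below the failure threshold
        blocking.append(finding)
    return blocking


if __name__ == "__main__":
    for finding in gate_findings(CONFIG, FINDINGS):
        print(f"BLOCKING {finding['severity']} {finding['scanner']} {finding['path']}")
```

Changing the threshold or the exclusion list alters what fails the run without touching the gate logic, which is the separation the pattern is meant to provide.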

Security-First Approach

  • Docker containers run as non-root users
  • OIDC authentication instead of long-lived credentials for AWS access
  • GitHub Apps for programmatic access to GitHub APIs
  • Pre-commit hooks enforce code quality
  • Security scanning integrated into all CI/CD pipelines

License

See LICENSE for details.
