Skip to content

Commit c1833f5

Browse files
authored
ADDED README.MD FILE
1 parent 98a9076 commit c1833f5

1 file changed

Lines changed: 118 additions & 0 deletions

File tree

Readme.md

Lines changed: 118 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,118 @@
1+
# **🛡️ DevSecOps Automation Pipeline**
2+
3+
## **📖 Project Overview**
4+
5+
This repository demonstrates a comprehensive **DevSecOps implementation** assigned as part of the advanced cloud computing curriculum. The project automates the lifecycle of a secure Node.js application—from code commit to production deployment—integrating **Continuous Integration (CI)**, **Continuous Security**, and **Continuous Deployment (CD)**.
6+
7+
The pipeline is executed on a **Self-Hosted Runner**, ensuring full control over the build environment, and deploys to a local **Kubernetes (Minikube)** cluster.
8+
9+
## **🏗️ Architecture & Workflow**
10+
11+
The pipeline follows a strict **"Shift-Left" Security** approach, ensuring vulnerabilities are caught before deployment.
12+
13+
graph LR
14+
A\[💻 Push Code\] \--\>|GitHub Actions| B(🔨 Build Docker Image)
15+
B \--\> C{🛡️ Trivy Security Scan}
16+
C \--\>|Pass| D\[📦 Push to GHCR\]
17+
C \--\>|Fail| X\[❌ Stop Pipeline\]
18+
D \--\> E\[🚀 Deploy to Minikube\]
19+
E \--\> F\[🌐 Expose via NodePort\]
20+
21+
### **Pipeline Stages**
22+
23+
1. **Semantic Versioning:** Automatically determines the next version tag (e.g., v1.0.1) based on commit messages.
24+
2. **Containerization:** Builds a lightweight, optimized Docker image for the Node.js application.
25+
3. **Vulnerability Scanning:** Uses **Trivy** to scan the image for CRITICAL and HIGH CVEs. *The build fails immediately if risks are detected.*
26+
4. **Artifact Management:** Securely pushes the verified image to the **GitHub Container Registry (GHCR)**.
27+
5. **Kubernetes Deployment:** Updates the deployment manifest and performs a rolling update on the Minikube cluster.
28+
29+
## **🛠️ Technology Stack**
30+
31+
| Component | Technology | Description |
32+
| :---- | :---- | :---- |
33+
| **Source Control** | | Version control and repository management. |
34+
| **CI/CD** | | Automates the build, scan, and deploy workflow. |
35+
| **Containerization** | | Container runtime and image building. |
36+
| **Orchestration** | | Manages containerized application deployment. |
37+
| **Security** | | Scans container images for security vulnerabilities. |
38+
| **Backend** | | Lightweight Express.js application. |
39+
| **Environment** | | Hosting environment for the Self-Hosted Runner. |
40+
41+
## **🚀 Getting Started**
42+
43+
To replicate this environment locally, follow these steps.
44+
45+
### **1\. Prerequisites**
46+
47+
Ensure your environment (VM or Local Machine) has the following installed:
48+
49+
* Docker & Docker Compose
50+
* Minikube
51+
* Kubectl
52+
* Git
53+
54+
### **2\. Installation**
55+
56+
\# Clone the repository
57+
git clone \[https://github.com/RoshaneAnees/devsecops.git\](https://github.com/RoshaneAnees/devsecops.git)
58+
cd devsecops
59+
60+
\# Start Minikube
61+
minikube start \--driver=docker
62+
63+
\# Check Cluster Status
64+
kubectl get nodes
65+
66+
### **3\. Deployment**
67+
68+
The deployment is handled automatically by the GitHub Actions pipeline. However, you can apply manifests manually for testing:
69+
70+
kubectl apply \-f k8s/
71+
72+
## **🔒 Security Implementation**
73+
74+
Security is the core component of this project. The pipeline integrates **Aqua Security's Trivy** scanner.
75+
76+
* **Scanned Target:** ghcr.io/roshaneanees/devsecops-app:latest
77+
* **Severity Threshold:** CRITICAL, HIGH
78+
* **Action:** If any vulnerability matching these severities is found, the pipeline **halts immediately**, preventing insecure code from reaching production.
79+
80+
## **🌐 Accessing the Application**
81+
82+
Once the pipeline completes successfully:
83+
84+
1. **Verify the Pods are running:**
85+
kubectl get pods
86+
87+
2. **Access the Service:**
88+
\# Get the URL directly from Minikube
89+
minikube service devsecops-svc \--url
90+
91+
3. **Port Forwarding (Alternative):**
92+
kubectl port-forward svc/devsecops-svc 3000:3000
93+
94+
Visit http://localhost:3000 in your browser.
95+
96+
## **📂 Repository Structure**
97+
98+
devsecops/
99+
├── .github/workflows/
100+
│ └── cicd.yaml \# ⚙️ The Brain: CI/CD Pipeline Definition
101+
├── app/
102+
│ ├── Dockerfile \# 🐳 Instructions to build the image
103+
│ ├── package.json \# 📦 Dependencies definition
104+
│ └── index.js \# ⚡ Server Logic
105+
├── k8s/
106+
│ ├── deployment.yaml \# ☸️ Deployment configuration
107+
│ └── service.yaml \# 🌐 Network Exposure configuration
108+
└── README.md \# 📄 Project Documentation
109+
110+
## **👨‍💻 Author**
111+
112+
\<div align="center"\>
113+
114+
**RoshaneAnees**
115+
116+
*DevSecOps Implementation Project • Fall 2026*
117+
118+
\</div\>

0 commit comments

Comments
 (0)