Commit e76a117

replaced the read me file with more detailed
1 parent e6e5dc0 commit e76a117

1 file changed

Lines changed: 218 additions & 0 deletions

README.md

@@ -0,0 +1,218 @@
1+
# 🛡️ DevSecOps Automation Pipeline
2+
### Secure CI/CD with GitHub Actions, Trivy & Kubernetes (Minikube)
3+
4+
![DevSecOps](https://img.shields.io/badge/DevSecOps-Automation-blueviolet)
5+
![GitHub Actions](https://img.shields.io/badge/CI%2FCD-GitHub%20Actions-black)
6+
![Docker](https://img.shields.io/badge/Container-Docker-blue)
7+
![Kubernetes](https://img.shields.io/badge/Orchestration-Kubernetes-blue)
8+
![Security](https://img.shields.io/badge/Security-Trivy-critical)
9+
10+
---
11+
12+
## 📖 Project Overview
13+
14+
This repository demonstrates a **complete DevSecOps automation pipeline** developed as part of an **Advanced Cloud Computing course**.
15+
16+
The project automates the entire lifecycle of a **Node.js application** — from source code commit to secure deployment — while enforcing **security at every stage** using a **Shift-Left DevSecOps approach**.
17+
18+
The pipeline runs on a **Self-Hosted GitHub Actions Runner** and deploys the application to a **local Kubernetes cluster (Minikube)**.
19+
20+
---
21+
22+
## 🎯 What We Achieved
23+
24+
✔ Fully automated CI/CD pipeline
25+
✔ Integrated security scanning (DevSecOps)
26+
✔ Containerized application delivery
27+
✔ Kubernetes-based deployment
28+
✔ Real-world cloud-native workflow
29+
30+
---
31+
32+
## 🏗️ Architecture & Workflow
33+
34+
```mermaid
35+
graph LR
36+
A[💻 Developer Pushes Code] --> B[🔨 Build Docker Image]
37+
B --> C{🛡️ Trivy Security Scan}
38+
C -->|Pass| D[📦 Push Image to GHCR]
39+
C -->|Fail| X[❌ Pipeline Stops]
40+
D --> E[🚀 Deploy to Kubernetes]
41+
E --> F[🌐 Application Exposed]
42+
```
43+
44+
---
45+
46+
## 🔄 Pipeline Stages Explained
47+
48+
1. **Source Code Commit**
49+
Developer pushes code to GitHub.
50+
51+
2. **Semantic Versioning**
52+
Automatically generates version tags (e.g. `v1.0.1`) based on commit history.
53+
54+
3. **Docker Image Build**
55+
Builds a lightweight and optimized container image.
56+
57+
4. **Security Scanning (Trivy)**
58+
- Scans image for **CRITICAL** and **HIGH** vulnerabilities
59+
- Pipeline **fails immediately** if vulnerabilities are detected
60+
61+
5. **Image Registry (GHCR)**
62+
Securely pushes verified images to **GitHub Container Registry**.
63+
64+
6. **Kubernetes Deployment**
65+
Performs rolling updates on **Minikube** using Kubernetes manifests.
66+
67+
---
68+
69+
## 🛠️ Technology Stack
70+
71+
| Layer | Technology | Purpose |
72+
|------|-----------|--------|
73+
| Source Control | GitHub | Version control & collaboration |
74+
| CI/CD | GitHub Actions | Automated pipeline |
75+
| Containerization | Docker | Application packaging |
76+
| Registry | GHCR | Secure image storage |
77+
| Orchestration | Kubernetes (Minikube) | Container deployment |
78+
| Security | Trivy | Vulnerability scanning |
79+
| Backend | Node.js + Express | Application logic |
80+
| Runner | Self-Hosted Runner | Full environment control |
81+
82+
---
83+
84+
## 🚀 Getting Started
85+
86+
### ✅ Prerequisites
87+
88+
Ensure the following tools are installed:
89+
90+
- Docker
91+
- Minikube
92+
- kubectl
93+
- Git
94+
95+
---
96+
97+
### 📥 Installation
98+
99+
```bash
100+
# Clone the repository
101+
git clone https://github.com/RoshaneAnees/devsecops.git
102+
cd devsecops
103+
104+
# Start Minikube
105+
minikube start --driver=docker
106+
107+
# Verify cluster
108+
kubectl get nodes
109+
```
110+
111+
---
112+
113+
### 🚢 Deployment
114+
115+
Deployment is **fully automated** via GitHub Actions.
116+
117+
For manual testing:
118+
119+
```bash
120+
kubectl apply -f k8s/
121+
```
122+
123+
---
124+
125+
## 🔒 Security Implementation (DevSecOps Core)
126+
127+
Security is **embedded**, not optional.
128+
129+
- 🔍 **Scanner:** Trivy (Aqua Security)
130+
- 🎯 **Target:** Docker image
131+
- 🚨 **Severity Gate:** CRITICAL & HIGH
132+
-**Policy:** Pipeline stops on detection
133+
134+
This ensures **no vulnerable container reaches production**.
135+
136+
---
137+
138+
## 🌐 Accessing the Application
139+
140+
### Check Pod Status
141+
142+
```bash
143+
kubectl get pods
144+
```
145+
146+
### Access via Minikube
147+
148+
```bash
149+
minikube service devsecops-svc --url
150+
```
151+
152+
### Port Forward (Alternative)
153+
154+
```bash
155+
kubectl port-forward svc/devsecops-svc 3000:3000
156+
```
157+
158+
Visit:
159+
👉 **http://localhost:3000**
160+
161+
---
162+
163+
## 📂 Repository Structure
164+
165+
```text
166+
devsecops/
167+
├── .github/workflows/
168+
│ └── cicd.yaml # ⚙️ CI/CD Pipeline
169+
├── app/
170+
│ ├── Dockerfile # 🐳 Docker image definition
171+
│ ├── package.json # 📦 Dependencies
172+
│ └── index.js # ⚡ Application entry point
173+
├── k8s/
174+
│ ├── deployment.yaml # ☸️ Kubernetes deployment
175+
│ └── service.yaml # 🌐 Service exposure
176+
└── README.md # 📄 Documentation
177+
```
178+
179+
---
180+
181+
## 🌍 Real-World & Cloud Computing Relevance
182+
183+
This project directly maps to **industry-grade cloud practices**:
184+
185+
- Mirrors **enterprise DevSecOps pipelines**
186+
- Implements **container security gates**
187+
- Uses **cloud-native orchestration**
188+
- Demonstrates **CI/CD + Kubernetes integration**
189+
- Applies **Shift-Left security principles**
190+
191+
---
192+
193+
## 🧠 Why This Project Matters
194+
195+
Traditional DevOps focuses on speed.
196+
**DevSecOps adds trust, safety, and compliance.**
197+
198+
This project proves:
199+
- Security can be **automated**
200+
- CI/CD can be **secure by design**
201+
- Cloud deployments can be **reliable & scalable**
202+
203+
---
204+
205+
## 👨‍💻 Author
206+
207+
<div align="center">
208+
209+
### **Roshane Anees**
210+
**DevSecOps Automation Project**
211+
*Advanced Cloud Computing • Fall 2026*
212+
213+
</div>
214+
215+
---
216+
217+
⭐ If you found this project useful, consider starring the repository!
218+
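Review bot: The claim at README line 134, "This ensures **no vulnerable container reaches production**", is stronger than the gate described at lines 58-59 and 131-132 supports. The scan blocks only on CRITICAL and HIGH findings, so lower-severity findings pass, and the manual path at line 120 (`kubectl apply -f k8s/`) applies the manifests without going through the scan at all. Suggest rewording to say that the pipeline does not push images with CRITICAL or HIGH Trivy findings to GHCR, and adding a sentence that the manual command skips the gate. Separately, line 132 reads `-**Policy:** Pipeline stops on detection` with no space after the dash, so it will not render as a list item like the three bullets above it; add the space and, for consistency with those bullets, a leading emoji.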