Hands On DevSecops

Tools Used:

Azure VM : Azure provided VM, where tools and libraries will be deployed
Jacoco - java code coverage library
Docker - containerization platform,
K8 - container orchestration tool
Kube bench - it checks if k8 is deployed securely by running few checks
ISTIO - open source framework to support securing, monitoring and managing microservices
Prometheus - monitoring system & time series data
Falco - cloud native runtime security project
KubeSec - helps to identify k8 cluster for common exploitable risks
SonarQube - SAST based continuous inspection of code quality; do automatic reviws
Slack - social messaging platform to use in projects
Jenkins - CI tool
Dependency Check - checks if any vulnerabilities in project dependencies
OPA Confest - helps to write test for kubernetes configuration, Terraform and docker files
ZAP - a DAST based penetration testing tool
Grafana - A multi-platform open source analytics and monitoring platform
Trivy - Simple open source tool to perform vulnerability scanning for containers

Name		Name	Last commit message	Last commit date
Latest commit History 40 Commits
image		image
src		src
vars		vars
.gitIgnore		.gitIgnore
Dockerfile		Dockerfile
HELP.md		HELP.md
Jenkinsfile		Jenkinsfile
K8_secops_deployment.yaml		K8_secops_deployment.yaml
README.MD		README.MD
mvnw		mvnw
mvnw.cmd		mvnw.cmd
pom.xml		pom.xml
swotitup_secops.iml		swotitup_secops.iml
zap.sh		zap.sh