Skip to content

trivediayush/devsecops-ci-pipeline

BranchesTags

Repository files navigation

DevSecOps CI Pipeline

This repository demonstrates a fully functional DevSecOps Continuous Integration (CI) pipeline using GitHub Actions. It integrates static code analysis, secret scanning, unit testing, and dependency vulnerability scanning using open-source tools.

📌 Project Overview

  • Language: Python
  • CI/CD: GitHub Actions
  • Security Tools: SonarCloud, Gitleaks, Snyk
  • Testing Framework: Pytest

🛠️ Tools Used

  • GitHub Actions
  • SonarCloud (Code Quality & Static Analysis)
  • Gitleaks (Secrets Detection)
  • Snyk (Vulnerability Scanning)
  • Pytest (Unit Testing)

📋 Steps to Run Locally

  1. Clone the repository:

    git clone https://github.com/trivediayush/devsecops-ci-pipeline.git cd devsecops-ci-pipeline

  2. Install dependencies:

    pip install -r requirements.txt

  3. Run unit tests:

    pytest tests/

  4. Optional: Run security scans locally

  • Gitleaks: gitleaks detect --source . --config .gitleaks.toml
  • Snyk: snyk test

📈 CI Pipeline Stages

  1. Code Checkout
  2. Python Environment Setup
  3. Install Dependencies
  4. Run Unit Tests
  5. SonarCloud Scan
  6. Gitleaks Secret Scan
  7. Snyk Vulnerability Scan

🧭 Architecture Diagram

🧭 Output Images

👤 Author

Ayush Trivedi

About

A fully functional DevSecOps Continuous Integration (CI) pipeline using GitHub Actions.

Topics

python docker jenkins docker-compose terraform sonarqube devsecops declarative-pipeline synk jenkins-declarative github-actions cicd-pipeline github-actions-ci devsecops-pipeline gitleaks-pass synk-configuration

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages