{"id":21828467,"url":"https://github.com/light-hat/python-devsecops","last_synced_at":"2025-07-20T13:31:49.451Z","repository":{"id":261680375,"uuid":"879876036","full_name":"light-hat/python-devsecops","owner":"light-hat","description":"🐍📊 DevSecOps pipeline for Python3 web applications (SAST, DAST, SCA).","archived":false,"fork":false,"pushed_at":"2024-11-19T00:00:34.000Z","size":1035,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-19T01:17:17.830Z","etag":null,"topics":["devops","devsecops","python3","security","vulnerability-detection","vulnerability-management"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/light-hat.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-28T17:45:16.000Z","updated_at":"2024-11-19T00:09:26.000Z","dependencies_parsed_at":"2024-11-07T21:40:45.508Z","dependency_job_id":null,"html_url":"https://github.com/light-hat/python-devsecops","commit_stats":null,"previous_names":["light-hat/area-51","light-hat/python-devsecops"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-hat%2Fpython-devsecops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-hat%2Fpython-devsecops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/light-hat%2Fpython-devsecops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub
/repositories/light-hat%2Fpython-devsecops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/light-hat","download_url":"https://codeload.github.com/light-hat/python-devsecops/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226797755,"owners_count":17683673,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devops","devsecops","python3","security","vulnerability-detection","vulnerability-management"],"created_at":"2024-11-27T18:16:33.871Z","updated_at":"2024-11-27T18:16:34.519Z","avatar_url":"https://github.com/light-hat.png","language":"Shell","readme":"\u003ch1 align=\"center\"\u003e🐍 Python DevSecOps pipeline\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://img.shields.io/github/license/Ileriayo/markdown-badges?style=for-the-badge\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/vagrant-%231563FF.svg?style=for-the-badge\u0026logo=vagrant\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/ansible-%231A1918.svg?style=for-the-badge\u0026logo=ansible\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/docker-%230db7ed.svg?style=for-the-badge\u0026logo=docker\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/jenkins-%232C5263.svg?style=for-the-badge\u0026logo=jenkins\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/SonarQube-black?style=for-the-badge\u0026logo=sonarqube\u0026logoColor=4E9BCD\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eVirtual 
infrastructure for quickly integrating DevSecOps into the development of Python3 web applications.\u003c/p\u003e\n\n## 🚀 Let's go!\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"assets/vagrant_demo.gif\"\u003e\n\u003c/p\u003e\n\n1. Add the following to your `hosts` file:\n\n```text\n127.0.0.1 jenkins.devops.local\n127.0.0.1 defectdojo.devops.local\n127.0.0.1 sonarqube.devops.local\n127.0.0.1 nexus.devops.local\n127.0.0.1 zap.devops.local\n127.0.0.1 api.zap.devops.local\n127.0.0.1 sandbox.devops.local\n```\n\n\u003e [!TIP]\n\u003e Where is the hosts file?\n\u003e\n\u003e On Windows: `C:\\Windows\\System32\\hosts`\n\u003e\n\u003e On Linux: `/etc/hosts`\n\n2. Start the virtual machine:\n\n\u003e [!WARNING]  \n\u003e `Vagrant` and `VirtualBox` must be installed.\n\n\u003e [!TIP]\n\u003e The base box `ubuntu/focal64` can be downloaded [here](https://portal.cloud.hashicorp.com/vagrant/discover/ubuntu/focal64).\n\n```shell\nvagrant up\n```\n\n## 🔒 Initial access to services\n\n### Jenkins\n\n- Admin: `admin:admin`\n\n- Developer: `developer:developer`\n\n- Viewer: `viewer:viewer`\n\n### SonarQube\n\nLogin: `admin`\n\nPassword: `admin`\n\n### DefectDojo\n\nLogin: `admin`\n\nGet the password with this command:\n\n```shell\nvagrant ssh -c \"cd /vagrant/defectdojo \u0026\u0026 sudo docker compose logs initializer | grep 'Admin password:'\"\n```\n\n### Nexus\n\nLogin: `admin`\n\nGet the password with this command:\n\n```shell\nvagrant ssh -c \"cd /vagrant/nexus \u0026\u0026 sudo docker compose exec nexus cat /nexus-data/admin.password\"\n```\n\n## 🚩 Vulnerable applications\n\nTODO: write this section\n\n## 📈 Effectiveness testing\n\nTODO: comparison table of the vulnerabilities planted and found in the 
applications\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flight-hat%2Fpython-devsecops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flight-hat%2Fpython-devsecops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flight-hat%2Fpython-devsecops/lists"}