{"id":28955850,"url":"https://github.com/u2i/webapp-team-app","last_synced_at":"2025-06-23T20:11:53.272Z","repository":{"id":299484397,"uuid":"1003198436","full_name":"u2i/webapp-team-app","owner":"u2i","description":"ISO 27001/SOC 2/GDPR compliant webapp application with GitOps deployment pipeline","archived":false,"fork":false,"pushed_at":"2025-06-16T19:51:46.000Z","size":35,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-16T20:39:04.725Z","etag":null,"topics":["belgium","cloud-deploy","compliance","gcp","gdpr","gitops","iso27001","kubernetes","soc2"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/u2i.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-16T19:22:47.000Z","updated_at":"2025-06-16T19:39:39.000Z","dependencies_parsed_at":"2025-06-16T20:39:10.077Z","dependency_job_id":"45215445-4e40-4bee-9d9b-5ed71a49ecfc","html_url":"https://github.com/u2i/webapp-team-app","commit_stats":null,"previous_names":["u2i/webapp-team-app"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/u2i/webapp-team-app","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/u2i%2Fwebapp-team-app","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/u2i%2Fwebapp-team-app/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/u2i%2Fwebapp-team-app/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/u2i%2Fwebapp-team-app/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/u2i","download_url":"https://codeload.github.com/u2i/webapp-team-app/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/u2i%2Fwebapp-team-app/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261548755,"owners_count":23175502,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["belgium","cloud-deploy","compliance","gcp","gdpr","gitops","iso27001","kubernetes","soc2"],"created_at":"2025-06-23T20:11:52.739Z","updated_at":"2025-06-23T20:11:53.255Z","avatar_url":"https://github.com/u2i.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WebApp Team - Compliant Application Repository\n\nThis repository contains the WebApp Team's application deployment infrastructure following ISO 27001, SOC 2 Type II, and GDPR compliance requirements.\n\n## 🏗️ Repository Structure\n\n```\nwebapp-team-app/\n├── .github/workflows/           # GitOps CI/CD workflows for application\n├── k8s-manifests/              # Kubernetes application manifests\n├── k8s-infra/                  # Team-managed infrastructure (RBAC, quotas)\n├── configs/                    # Environment-specific configurations\n├── clouddeploy.yaml           # Cloud Deploy pipeline configuration\n├── skaffold.yaml              # Application build and deploy\n├── app.js                     # Sample application code\n├── Dockerfile                 # Container image definition\n└── README.md                  # This file\n```\n\n## 🏗️ Infrastructure Repository\n\n**Infrastructure as Code** is managed separately at:\n**[webapp-team-infrastructure](https://github.com/u2i/webapp-team-infrastructure)**\n\nThis includes:\n- Terraform configuration for the tenant project\n- GitOps workflows with Slack approval\n- Kubernetes namespace and RBAC setup\n- Infrastructure compliance automation\n\n## 🔒 Compliance Features\n\n### ISO 27001 Controls\n- **A.12.1.2** Change management via GitOps workflows\n- **A.9.4.1** Access restriction through RBAC\n- **A.12.4.1** Comprehensive audit logging\n- **A.12.6.1** Vulnerability scanning via Binary Authorization\n\n### SOC 2 Type II Requirements  \n- **CC8.1** Change control with approval gates\n- **CC6.1** Logical access controls\n- **CC6.6** Audit logging and monitoring\n- **CC7.2** Continuous monitoring\n\n### GDPR Compliance (EU/Belgium)\n- **Art. 25** Data protection by design\n- **Art. 32** Security of processing\n- **Data residency** in EU (europe-west1)\n\n## 🚀 Deployment Workflow\n\n### Development Flow\n1. **Feature branch** → Create PR\n2. **Automated checks** → Compliance validation, security scanning\n3. **Code review** → Team approval required\n4. **Merge to main** → Auto-deploy to non-production\n\n### Production Flow  \n1. **Production release** → Manual promotion from non-prod\n2. **Security review** → Automated compliance checks\n3. **Approval gate** → Security team approval required\n4. **Production deployment** → With full audit trail\n\n## 🔧 Getting Started\n\n### Prerequisites\n- Access to `u2i-tenant-webapp` GCP project\n- Membership in `webapp-team@u2i.com` Google Group\n- GitHub repository access with proper branch protection\n\n### Local Development\n```bash\n# Build and test locally\ndocker build -t webapp .\ndocker run -p 8080:8080 webapp\n\n# Deploy to non-production  \ngcloud deploy releases create dev-$(date +%Y%m%d-%H%M%S) \\\n  --project=u2i-tenant-webapp \\\n  --region=europe-west1 \\\n  --delivery-pipeline=webapp-delivery-pipeline \\\n  --source=.\n```\n\n### Environment Promotion\n```bash\n# Promote to production (requires approval)\ngcloud deploy releases promote \\\n  --project=u2i-tenant-webapp \\\n  --region=europe-west1 \\\n  --delivery-pipeline=webapp-delivery-pipeline \\\n  --release=RELEASE_NAME \\\n  --to-target=prod-gke\n```\n\n## 📋 Compliance Checklist\n\nBefore each deployment, ensure:\n- [ ] All containers have resource limits\n- [ ] Security contexts are properly configured\n- [ ] Images are from approved registries\n- [ ] Secrets are managed via Secret Manager\n- [ ] Network policies are in place\n- [ ] Audit logging is enabled\n\n## 🆘 Support\n\n- **Team Lead**: webapp-team@u2i.com\n- **Security Issues**: security-team@u2i.com  \n- **Platform Support**: platform-team@u2i.com\n- **Compliance Questions**: compliance@u2i.com# Test GitOps Pipeline\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fu2i%2Fwebapp-team-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fu2i%2Fwebapp-team-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fu2i%2Fwebapp-team-app/lists"}