{"id":24674115,"url":"https://github.com/vsingh55/devsecops-pipeline","last_synced_at":"2026-04-13T06:04:01.010Z","repository":{"id":248362690,"uuid":"828272808","full_name":"vsingh55/DevSecOps-Pipeline","owner":"vsingh55","description":"DevSecOps Pipeline ensures secure, automated, and continuously monitored CI/CD processes on GCloud. It integrates security by design, leverages automation through Jenkins and Docker, and employs continuous monitoring with Prometheus and Grafana to maintain application and infrastructure health.","archived":false,"fork":false,"pushed_at":"2024-07-28T23:44:17.000Z","size":9852,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-21T16:15:34.954Z","etag":null,"topics":["automation","bash","devsecops","docker","dockerhub","gcp","gmail","graphana","kubernetes","prometheus","security","sonarqube","terraform","terraform-module","trivy"],"latest_commit_sha":null,"homepage":"https://vijaysingh.cloud/projects/202403-cicd/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vsingh55.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-13T16:22:18.000Z","updated_at":"2024-12-08T14:12:54.000Z","dependencies_parsed_at":"2025-01-26T11:36:08.589Z","dependency_job_id":null,"html_url":"https://github.com/vsingh55/DevSecOps-Pipeline","commit_stats":null,"previous_names":["vsingh55/devsecops-pipeline-pro","vsingh55/devsecops-pipeline"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos
.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsingh55%2FDevSecOps-Pipeline","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsingh55%2FDevSecOps-Pipeline/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsingh55%2FDevSecOps-Pipeline/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vsingh55%2FDevSecOps-Pipeline/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vsingh55","download_url":"https://codeload.github.com/vsingh55/DevSecOps-Pipeline/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244825655,"owners_count":20516592,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","bash","devsecops","docker","dockerhub","gcp","gmail","graphana","kubernetes","prometheus","security","sonarqube","terraform","terraform-module","trivy"],"created_at":"2025-01-26T11:25:37.883Z","updated_at":"2026-04-13T06:04:00.974Z","avatar_url":"https://github.com/vsingh55.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CI/CD with Built-in Security and Automation\n\nA security-centric CI/CD pipeline integrating cutting-edge tools and practices to ensure robust code quality, vulnerability scanning, artifact publishing, secure Kubernetes deployment, and continuous monitoring.\n\n## Introduction\nThis CI/CD pipeline is built on the principles of security, automation, and continuous monitoring to deliver a seamless and secure development and deployment experience.\n\n- 
**Security by Design**: Security considerations are integrated into every stage of the development and deployment process.\n- **Automation**: The pipeline leverages automation to improve efficiency and security and to reduce human error.\n- **Continuous Monitoring**: Systems and applications are continuously monitored to detect issues and anomalies promptly.\n\n## Architecture\n\n![arch-withGCP-TF](https://github.com/user-attachments/assets/29105e49-d5f6-483a-9d23-c7378cf6ca3b)\n\n![ArchitectureDiag drawio](https://github.com/user-attachments/assets/833d7aee-8c24-499c-bd04-bc807d492975)\n## Technologies Used\n- **Kubernetes**: Container orchestration platform.\n- **Jenkins**: CI/CD automation server.\n- **SonarQube**: Code quality and static analysis.\n- **Aqua Trivy**: Vulnerability scanning for code and container images.\n- **Nexus Repository**: Artifact repository for secure storage.\n- **Docker**: Containerization technology.\n- **Docker Hub**: Docker image registry.\n- **Kubeaudit**: Tool to audit Kubernetes clusters for various security concerns.\n- **Grafana**: System and application-level monitoring and alerting.\n- **Prometheus**: Collecting and querying metrics from services and endpoints.\n- **Gmail**: Status notifications and alerts.\n\n## Features:\n\n\n## Project Structure\n- **terraform/**: Terraform configuration files.\n- **ModularizedTerraformInfra/**: Modular Terraform code for provisioning infra.\n- **scripts/**: Deployment and automation scripts used with Terraform to automate and set up tools.\n- **Jenkinsfile**: Declarative Jenkins pipeline definition.\n\n## Workflow\n\n### Development\n- Developers create feature branches and push code to GitHub.\n\n### CI/CD Pipeline Trigger\n- Code changes trigger the Jenkins CI/CD pipeline.\n\n### Build and Unit Testing\n- [Build tool] compiles the code and executes unit tests.\n\n### Code Quality and Security\n- **SonarQube** performs code quality analysis.\n- **Aqua Trivy** scans for vulnerabilities in code 
dependencies.\n\n### Artifact Creation\n- A build artifact (e.g., JAR, WAR) is generated.\n\n### Artifact Publishing\n- The artifact is pushed to Nexus Repository.\n\n### Container Image Build\n- Docker creates a container image using the artifact.\n\n### Image Vulnerability Scan\n- Aqua Trivy scans the image for vulnerabilities.\n\n### Deployment\n- If all checks pass, the image is deployed to Kubernetes.\n\n### Monitoring and Notifications\n- Monitoring solutions track system and website health.\n- Emails are sent for deployment status and critical alerts.\n\n## Screenshots\n- Deployed Website\n ![website](DeployedWebsite.png)\n- Prometheus Target\n ![prmTargets](https://github.com/user-attachments/assets/0ccedee5-e4ac-4fbf-be96-115dad4268ad)\n- Grafana Dashboard\n ![dashboardofgraphanaForJenkinsMachine](https://github.com/user-attachments/assets/12241d06-2046-4991-9b61-aac04af84e01)\n ![prmmonitoringongraphna](https://github.com/user-attachments/assets/bbcf6816-868f-42f3-aa3e-7d7da1abb1de)\n- Blackbox Exporter\n- Notification Received\n![mail](https://github.com/user-attachments/assets/e9519cfe-7e75-4b42-b42e-52a26ee3657c)\n- Pipeline Build\n![pipelin](https://github.com/user-attachments/assets/aef9b61e-4c4b-4de4-9f2a-af9b4eae22dd)\n\n\n- SonarQube\n![sq1](https://github.com/user-attachments/assets/096b495d-6553-4c6b-9550-43438eb3be0d)\n- Docker Image\n![docker](https://github.com/user-attachments/assets/4304edcb-b4b8-42ae-8595-f433593bf979)\n\n\n## **[Read the Blog Post here!](https://blogs.vijaysingh.cloud/project-devsecops-pipeline-pro)**\n\n## Contribution\nContributions to this project are welcome! 
If you encounter any issues or have suggestions for improvement, feel free to open an issue or submit a pull request.\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvsingh55%2Fdevsecops-pipeline","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvsingh55%2Fdevsecops-pipeline","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvsingh55%2Fdevsecops-pipeline/lists"}