https://github.com/maineffort/cavas-devsecops
A proof-of-concept system for devsecops in cloud native architectures.
cloud-native-architectures devsecops jenkins-ci secdevops security-automation
- Host: GitHub
- URL: https://github.com/maineffort/cavas-devsecops
- Owner: maineffort
- License: apache-2.0
- Created: 2019-10-05T13:07:40.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-11-16T07:58:18.000Z (about 3 years ago)
- Last Synced: 2025-04-05T08:15:37.285Z (10 months ago)
- Topics: cloud-native-architectures, devsecops, jenkins-ci, secdevops, security-automation
- Language: Java
- Homepage:
- Size: 179 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
This project improves on an earlier project (https://github.com/maineffort/cavas-security-gateway) by integrating security testing directly into a CI/CD pipeline via Jenkins.
The flexible Jenkins plugin ecosystem is used to enable Docker image testing and application testing for microservices.
Test results are stored in a database for further risk analysis.
Additionally, a Mattermost server is used for collaboration between dev, ops and sec teams (this feature has yet to be added to the public repo).
Some inspiration is drawn from the Anchore Container Image Scanner Plugin: https://wiki.jenkins.io/display/JENKINS/Anchore+Container+Image+Scanner+Plugin
Some of the core ideas behind this project are published in our paper, [CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era](https://www.researchgate.net/publication/324273101_CAVAS_Neutralizing_Application_and_Container_Security_Vulnerabilities_in_the_Cloud_Native_Era), presented at SecureComm 2018, Singapore.