https://github.com/thayeeb9211/ortho-secure
Orthosecure: Secure Dentistry Appointment Booking and Management System. It is designed to be a robust and secure application with enhanced security and compliance checks within containerized environments. It leverages cutting-edge technologies to monitor, analyze, and secure workloads in real-time.
- Host: GitHub
- URL: https://github.com/thayeeb9211/ortho-secure
- Owner: thayeeb9211
- License: mit
- Created: 2025-02-20T09:30:28.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-07T18:00:38.000Z (about 1 year ago)
- Last Synced: 2025-06-15T05:38:52.500Z (12 months ago)
- Topics: cicd, csrf-attacks, ddos-attacks, devsecops, docker-compose, docker-image, gitlab, security, xss-attacks, xss-vulnerability
- Language: JavaScript
- Homepage: https://gitlab.com/nidith/orthosecure
- Size: 14.4 MB
- Stars: 1
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# OrthoSecure
## Overview
Orthosecure is a fully responsive, full-stack web application designed to streamline dentistry appointment bookings, enhance administrative workflows, and improve patient engagement. With its user-friendly interface and powerful administrative panel, Orthosecure empowers dental practices to efficiently manage appointments, patient records, and clinic operations.
OrthoSecure is a robust and secure application designed to enhance security and compliance within containerized environments. It leverages cutting-edge technologies to monitor, analyze, and secure workloads in real-time.

## Features
- **Appointment Booking System:** Allows patients to book, modify, or cancel appointments online with ease.
- **Admin Panel:** Provides clinic administrators with full control over scheduling, patient records, and appointment history.
- **User Authentication:** Secure patient and admin login with session-based management.
- **Responsive Design:** Ensures seamless usability across all devices, including desktops, tablets, and mobile phones.
- **Container Security:** Implements security best practices to safeguard Docker-based environments.
- **Automated Scanning:** Uses SonarQube and other tools for vulnerability detection.
- **CI/CD Integration:** Seamless integration with GitLab CI/CD pipeline.
- **Ease of Deployment:** Simple setup with Docker and Kubernetes.
- **Policy Enforcement:** Implements security policies using Falco and other monitoring tools.
## Tools and technologies: Python, HTML, CSS, JavaScript, Docker, Kubernetes, Trivy, SonarQube, Git, GitLab, Terraform, AWS services and GitHub Actions.
## Complete video demonstration is available in the Reports/ folder
The Reports/ folder documents the whole project step by step. Make sure you read it before you proceed.
## Project Team Members
This project was contributed by
1. **[Nidith VS](https://github.com/0xfarben)** **[Linkedin Link](https://www.linkedin.com/in/nidith/)**
2. **[Ramachandragowda S Patil](https://github.com/Ram-82)** **[Linkedin Link](https://www.linkedin.com/in/ramachandragowda-s-p-b9706a228/)**
3. **[Satish Biradar](https://github.com/satishbiradar0099)** **[Linkedin Link](https://www.linkedin.com/in/satish-biradar-38023a284/)**
# What is DevSecOps
DevSecOps builds security automation, testing and enforcement into the DevOps release and SDLC cycles. The point of the methodology is to connect Development, Security and Operations. It supplies methods, techniques and processes, backed mainly by tooling, that focus on the developer and security experience.
DevSecOps makes security part of every stage of the DevOps loop: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor.
Various definitions:
* https://www.redhat.com/en/topics/devops/what-is-devsecops
* https://www.ibm.com/cloud/learn/devsecops
* https://snyk.io/series/devsecops/
* https://www.synopsys.com/glossary/what-is-devsecops.html
* https://spacelift.io/blog/what-is-devsecops
## DevSecOps Architecture

## Getting Started
### Prerequisites
Ensure you have the following installed:
- Docker & Docker Compose
- Git, GitLab Account
- Python 3.11 and Java JDK 17
- SonarQube & Sonar-Scanner (for static code analysis)
- AWS Account and CLI configured
- Terraform CLI configured
# Security-Focused DevSecOps Tool Implementation
Security is a top priority in this project. Below are the DevSecOps security tools integrated into the development pipeline to ensure code quality, vulnerability detection, and secure infrastructure management.
## 1. Trivy - Container & Dependency Scanning

Why it's used?
Trivy is an open-source vulnerability scanner that scans Docker images, file systems, and dependencies for known vulnerabilities.
It produces CVE (Common Vulnerabilities and Exposures) reports so that container images can be checked before deployment.
Benefits:
- Fast and accurate vulnerability scanning.
- Integrates with GitLab CI/CD.
- Helps maintain compliance and security best practices.
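Trivy can enforce the gate on its own (`trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed IMAGE`). The following added example, which is not code from the project, reproduces that gate over Trivy's JSON output (`trivy image --format json -o trivy.json IMAGE`) so the pipeline log shows exactly which findings blocked the deploy. The report embedded below is a constructed sample in Trivy's `Results[].Vulnerabilities[]` layout; the `CVE-EXAMPLE-*` identifiers are placeholders, not real CVEs, and the package versions are made up.

```python
"""CI gate over a Trivy JSON report: fail on HIGH/CRITICAL findings that have a fix."""
import json
import sys

# Constructed sample of `trivy image --format json` output. Not a real scan;
# IDs and versions are placeholders. Trivy puts findings under
# Results[].Vulnerabilities[] with VulnerabilityID, PkgName, InstalledVersion,
# FixedVersion and Severity fields.
SAMPLE_REPORT = json.dumps({
    "Results": [
        {
            "Target": "orthosecure:latest (debian 12)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libssl3",
                 "InstalledVersion": "3.0.1", "FixedVersion": "3.0.2", "Severity": "CRITICAL"},
                {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libc6",
                 "InstalledVersion": "2.36-9", "FixedVersion": "", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "tar",
                 "InstalledVersion": "1.34", "FixedVersion": "1.35", "Severity": "LOW"},
            ],
        },
        {
            "Target": "requirements.txt",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0004", "PkgName": "flask",
                 "InstalledVersion": "2.0.0", "FixedVersion": "2.3.2", "Severity": "HIGH"},
            ],
        },
    ]
})

FAIL_ON = {"CRITICAL", "HIGH"}


def blocking_findings(report_json: str, fail_on=FAIL_ON, fixed_only=True):
    """Return the findings that should fail the pipeline.

    fixed_only=True mirrors `trivy --ignore-unfixed`: a HIGH with no upstream
    fix is still reported by Trivy, but the build cannot remediate it, so it
    does not block. Set fixed_only=False for a stricter policy.
    """
    report = json.loads(report_json)
    blocking = []
    for result in report.get("Results", []):
        # Trivy omits or nulls "Vulnerabilities" for clean targets.
        for v in result.get("Vulnerabilities") or []:
            if v.get("Severity") not in fail_on:
                continue
            if fixed_only and not v.get("FixedVersion"):
                continue
            blocking.append({
                "target": result.get("Target"),
                "id": v["VulnerabilityID"],
                "pkg": v["PkgName"],
                "installed": v.get("InstalledVersion"),
                "fixed": v.get("FixedVersion"),
                "severity": v["Severity"],
            })
    return blocking


def gate(report_json: str, **kw) -> int:
    """Exit code for the CI job: 0 passes, 1 blocks the deploy."""
    findings = blocking_findings(report_json, **kw)
    for f in findings:
        print(f"{f['severity']:8} {f['id']} {f['pkg']} {f['installed']} -> "
              f"{f['fixed']} ({f['target']})")
    return 1 if findings else 0


if __name__ == "__main__":
    # Usage in the pipeline (hypothetical job):
    #   trivy image --format json -o trivy.json "$IMAGE" && python trivy_gate.py trivy.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data))
```

Against the sample, two of the four findings block (the CRITICAL and the fixable HIGH); the unfixed HIGH is skipped by `fixed_only`, and the LOW is below the threshold.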
## 2. SonarQube & Static Code Analysis in GitLab CI/CD
### Results of auto-enabling the SAST and IaC security checks on GitLab



### Results of the SonarQube dashboard for scanning the full source code

Why it's used?
SonarQube performs static code analysis to detect bugs, vulnerabilities, and maintainability issues.
It helps enforce coding standards and security best practices.
It is also auto-enabled in GitLab for continuous evaluation.
Benefits:
- Detects security flaws such as SQL injection and XSS.
- Improves code maintainability and readability.
- Provides in-depth security insights for developers.
## 3. Bandit - Python Security Linter

Why it's used?
Bandit is a security linter specifically for Python code, helping identify security vulnerabilities in Python scripts and applications.
It scans the code for common security issues such as hardcoded passwords and insecure function usage.
Benefits:
- Helps catch security flaws early in development.
- Ensures Python code adheres to security best practices.
- Integrates easily with CI/CD pipelines for automated checks.
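The following added example (not code from the project) shows three of the patterns `bandit -r .` reports, each next to the form that passes: a hardcoded credential (Bandit test B105), `random` used for a security token (B311), and `subprocess` with `shell=True` on user-controlled input (B602). The variable name `MYSQL_PASSWORD` matches the README's `.env` keys; the placeholder password, the `patient` parameter and the `echo` command are assumptions made for illustration.

```python
"""Three patterns Bandit flags in Python code, each beside a fixed version."""
import os
import random
import secrets
import subprocess

# --- B105 hardcoded_password_string ---------------------------------------
MYSQL_PASSWORD = "orthosecure123"  # flagged: credential baked into the source (placeholder value)


def db_password_hardcoded() -> str:
    return MYSQL_PASSWORD


def db_password_from_env(env=None) -> str:
    """Read the credential from the environment (populated from .env) and fail closed."""
    env = os.environ if env is None else env
    password = env.get("MYSQL_PASSWORD", "")
    if not password:
        raise RuntimeError("MYSQL_PASSWORD is not set")
    return password


# --- B311 random used for security purposes -------------------------------
def reset_token_insecure() -> str:
    # random is a Mersenne Twister PRNG; its output is predictable from earlier outputs
    return "%032x" % random.getrandbits(128)


def reset_token_secure() -> str:
    # 128 bits from the OS CSPRNG, hex-encoded (32 characters)
    return secrets.token_hex(16)


# --- B602 subprocess call with shell=True ---------------------------------
def greet_insecure(patient: str) -> str:
    # The name is spliced into a shell command line: "Bob; rm -rf /" runs two commands.
    return subprocess.check_output(f"echo Hello {patient}", shell=True, text=True).strip()


def greet_secure(patient: str) -> str:
    # Argument list, no shell: metacharacters in `patient` are passed literally.
    return subprocess.check_output(["echo", "Hello", patient], text=True).strip()
```

Calling `greet_insecure("Bob; echo injected")` executes the second command and returns two lines, whereas `greet_secure` returns the literal string. Bandit reports the first three functions by line with a severity and confidence; the fixed versions produce no finding.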
## 4. Black - Python Code Formatter

Why it's used?
Black is an opinionated Python code formatter that keeps the code base consistent and readable.
It is not a security scanner: it changes layout only, never behaviour. Its security value is indirect: uniformly formatted code produces small, readable diffs, so reviewers and the SAST tools above see real changes rather than noise.
Benefits:
- Improves code readability and maintainability.
- Keeps diffs small, so security-relevant changes stand out in review.
- Makes collaboration easier by enforcing a consistent format.
## 5. Terraform - Infrastructure as Code (IaC)



Why it's used?
Terraform manages infrastructure as code, enabling automated deployment and management of cloud resources.
It ensures reproducibility, consistency, and security in infrastructure provisioning.
Benefits:
- Enables version control and automation of infrastructure.
- Reduces human errors and misconfigurations.
- Makes every infrastructure change reviewable and reproducible.
## 6. Kubernetes - Container Orchestration

Why it's used?
Kubernetes manages containerized applications by automating deployment, scaling, and operations.
It provides high availability, load balancing, and secure container orchestration.
Benefits:
- Efficient container management with automated scaling.
- Built-in access controls and policy hooks (RBAC, network policies, admission control).
- Provides resilience and fault tolerance for applications.
## 7. HashiCorp Vault - Secrets Management


Why it's used?
HashiCorp Vault securely stores and manages sensitive data such as API keys, credentials, and certificates.
It integrates with Kubernetes to inject secrets into containers securely.
Benefits:
- Centralized secrets management with access control.
- Protects sensitive data with encryption.
- Provides dynamic secrets, reducing exposure risk.
These security tools work together to create a robust DevSecOps pipeline, ensuring security at every stage of development.
### Installation
1. Clone the repository:
```sh
git clone https://github.com/thayeeb9211/ortho-secure.git
cd ortho-secure
```
2. Set up environment variables and Sonar properties. Create a `.env` file in the repository root and fill in your own values. It holds database, Flask and mail credentials, so keep it out of version control (add `.env` to `.gitignore`):
```sh
MYSQL_HOST=
MYSQL_DATABASE=
MYSQL_USER=
MYSQL_PASSWORD=
MYSQL_ROOT_PASSWORD=
FLASK_ENV=development
MYSQL_PORT=3306
MYSQL_INITDB_SKIP_TZINFO=1
SONAR_HOST_URL=http://localhost:9000   # may differ in your setup; make sure it is reachable
SONAR_LOGIN=
SECRET_KEY=
MAIL_PASSWORD=
```
   Then create a `sonar-project.properties` file with your own values. `sonar.token` is a credential as well: in CI, pass it through the `SONAR_TOKEN` environment variable instead of committing it.
```properties
sonar.projectKey=your_project_key_here
sonar.token=your_sonar_token_here
sonar.sources=.
sonar.qualitygate.wait=true
sonar.host.url=http://your_sonar_host_url_here
sonar.python.version=your_python_version_here
```
3. Start the application on Docker:
```sh
./execute.sh
```
4. Run the Bandit security scan from the repository root:
```sh
bandit -r .
```
5. Run the SAST scan with sonar-scanner. Make sure your `sonar-project.properties` looks like this (with your own token, which should not be committed):
```properties
sonar.projectKey=nidith_orthosecure_03ac60c4-e7f9-4f33-b330-4f90a86cc655
sonar.token=
sonar.sources=.
sonar.qualitygate.wait=true
sonar.host.url=http://localhost:9000/   # use the proper HTTP URL of your SonarQube server
sonar.python.version=3.11
```
   If you are unsure how to set this up, read the PHASE 4 document in the Reports/ folder. Then run `sonar-scanner` in the root directory to perform the SAST check. With `sonar.qualitygate.wait=true` the scanner exits non-zero when the quality gate fails, which is what lets a CI job block the merge.
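The setup above depends on every value in `.env` being filled in sensibly, and nothing in `./execute.sh` is described as checking that. The following added example (not part of the project) is a fail-closed pre-flight check a practitioner would run before starting the stack: it parses a `.env` file using the keys listed in step 2, rejects empty or placeholder credentials, a short `SECRET_KEY` (Flask signs session cookies with it), an app password equal to the root password, `FLASK_ENV=development` in production, and a plain-HTTP `SONAR_HOST_URL` to a remote host (the token would travel in clear), and confirms `.env` is git-ignored. The two `.env` samples and the `.gitignore` text are constructed; the 32-character minimum and the placeholder list are this example's own policy choices.

```python
"""Fail-closed check of the .env values used by the setup steps."""
from urllib.parse import urlparse

REQUIRED = ("MYSQL_HOST", "MYSQL_DATABASE", "MYSQL_USER", "MYSQL_PASSWORD",
            "MYSQL_ROOT_PASSWORD", "SECRET_KEY")
SECRETS = ("MYSQL_PASSWORD", "MYSQL_ROOT_PASSWORD", "SECRET_KEY",
           "MAIL_PASSWORD", "SONAR_LOGIN")
PLACEHOLDERS = {"changeme", "password", "secret", "your_value_here"}  # assumed policy list
MIN_SECRET_KEY_LEN = 32  # assumed policy: 32+ characters for the Flask signing key

# Constructed samples, not the project's real configuration.
WEAK_ENV = """\
MYSQL_HOST=db
MYSQL_DATABASE=orthosecure
MYSQL_USER=ortho
MYSQL_PASSWORD=changeme
MYSQL_ROOT_PASSWORD=changeme
FLASK_ENV=development
MYSQL_PORT=3306
SONAR_HOST_URL="http://sonar.internal:9000"
SONAR_LOGIN=
SECRET_KEY = dev
MAIL_PASSWORD =
"""

STRONG_ENV = """\
MYSQL_HOST=db
MYSQL_DATABASE=orthosecure
MYSQL_USER=ortho
MYSQL_PASSWORD=app-only-pw-1
MYSQL_ROOT_PASSWORD=root-pw-2
FLASK_ENV=production
MYSQL_PORT=3306
SONAR_HOST_URL=https://sonar.example.org
SONAR_LOGIN=sqp_example_token
SECRET_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
MAIL_PASSWORD=mail-pw-3
"""


def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser: skips blanks and # comments, strips quotes and
    trailing ' # comment' text. Tolerates spaces around '=' as in the README."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.split(" #", 1)[0].strip()
        cfg[key.strip()] = value.strip("\"'")
    return cfg


def validate(cfg: dict, production: bool = False) -> list:
    """Return a list of problems; an empty list means the file is acceptable."""
    problems = []
    for key in REQUIRED:
        if not cfg.get(key):
            problems.append(f"{key} is missing or empty")
    for key in SECRETS:
        value = cfg.get(key, "")
        if value and value.lower() in PLACEHOLDERS:
            problems.append(f"{key} uses a placeholder value")
    secret_key = cfg.get("SECRET_KEY", "")
    if secret_key and len(secret_key) < MIN_SECRET_KEY_LEN:
        problems.append(f"SECRET_KEY is shorter than {MIN_SECRET_KEY_LEN} characters")
    if cfg.get("MYSQL_PASSWORD") and cfg.get("MYSQL_PASSWORD") == cfg.get("MYSQL_ROOT_PASSWORD"):
        problems.append("MYSQL_PASSWORD equals MYSQL_ROOT_PASSWORD; the app account is root-equivalent")
    if production and cfg.get("FLASK_ENV") == "development":
        problems.append("FLASK_ENV=development enables the debugger; not allowed in production")
    sonar = urlparse(cfg.get("SONAR_HOST_URL", ""))
    if sonar.scheme == "http" and sonar.hostname not in (None, "localhost", "127.0.0.1"):
        problems.append("SONAR_HOST_URL is plain HTTP to a remote host; the token travels in clear")
    return problems


def dotenv_ignored(gitignore_text: str) -> bool:
    """True if .gitignore has a rule that keeps .env out of commits."""
    rules = {line.strip() for line in gitignore_text.splitlines()}
    return bool(rules & {".env", "/.env", "*.env", ".env*"})


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_ENV), ("strong", STRONG_ENV)):
        print(name, validate(parse_dotenv(sample), production=True))
```

Run it against the real files as `validate(parse_dotenv(open(".env").read()), production=True)` before `./execute.sh`; a non-empty result should stop the deploy, the same way the Trivy and SonarQube gates do.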
## CI/CD Integration
OrthoSecure integrates with GitLab CI/CD using `.gitlab-ci.yml`, ensuring continuous security analysis and compliance checks.
## Author & Community
This project is crafted by **[Mohammed Thayeeb Shariff](https://github.com/thayeeb9211/)**
I'd love to hear your feedback! Feel free to share your thoughts.
**Connect with me:**
- **LinkedIn**: [Mohammed Thayeeb Shariff](https://www.linkedin.com/in/mohammed-thayeeb-shariff-2b614b2b2/)
---
## Support the Project
If you found this helpful, consider **starring** the repository and sharing it with your network!
### Stay Connected
https://data-driven-portfolio-s3q1onv.gamma.site/
---
**OrthoSecure - Securing Containers, Simplifying Security.**
## License
This project is licensed under the terms specified in the `LICENSE` file.