DevSecOps Pipeline - Wanderlust Travel Blog Application

A comprehensive DevSecOps pipeline implementation for a full-stack travel blog application (Wanderlust) featuring automated security scanning, continuous integration/deployment, infrastructure as code, and container orchestration.

🏗️ Architecture Overview

🚀 Tech Stack

Frontend

• Framework: React 18.2.0 with TypeScript
• Build Tool: Vite
• Styling: Tailwind CSS with custom components
• Routing: React Router DOM
• Form Handling: React Hook Form with Zod validation
• UI Components: Lucide React icons, custom UI library
• Testing: Jest

Backend

• Runtime: Node.js with Express.js
• Database: MongoDB with Mongoose ODM
• Caching: Redis
• Authentication: JWT with bcryptjs
• Testing: Jest with comprehensive coverage
• Security: CORS, compression, cookie-parser

DevOps & Infrastructure

• Containerization: Docker & Docker Compose
• Orchestration: Kubernetes
• CI/CD: Jenkins with shared libraries
• Infrastructure: Terraform (AWS EC2)
• Security Scanning: Trivy, OWASP Dependency Check, SonarQube
• Version Control: Git with GitHub

📁 Project Structure

devSecOps-Pipeline/
├── 🔧 Automations/           # Deployment automation scripts
├── 🌐 backend/               # Node.js Express API
│   ├── api/                  # API endpoints
│   ├── config/               # Database & utility configs
│   ├── controllers/          # Business logic controllers
│   ├── models/               # MongoDB data models
│   ├── routes/               # Express route definitions
│   ├── services/             # External service integrations
│   ├── tests/                # Unit & integration tests
│   └── utils/                # Helper utilities
├── 🎨 frontend/              # React TypeScript application
│   ├── src/
│   │   ├── components/       # Reusable UI components
│   │   ├── pages/            # Application pages
│   │   ├── layouts/          # Layout components
│   │   ├── utils/            # Frontend utilities
│   │   └── types/            # TypeScript type definitions
│   └── public/               # Static assets
├── 🗄️ database/              # Database configurations
├── ☸️ kubernetes/            # K8s deployment manifests
├── 🏗️ terraform/             # Infrastructure as Code
├── 🔄 GitOps/                # GitOps workflow definitions
├── 🐳 docker-compose.yml     # Local development setup
├── 📋 Jenkinsfile            # CI/CD pipeline definition
└── 📚 README.md              # Project documentation

🛠️ Quick Start

Prerequisites

• Node.js (v18+)
• Docker & Docker Compose
• MongoDB (for local development)
• Redis (for caching)

1. Clone Repository

git clone https://github.com/DetonatorC4/devSecOps-Pipeline.git
cd devSecOps-Pipeline

2. Install Dependencies

# Install all dependencies (root, backend, frontend)
npm run installer

# Or install individually
npm install                    # Root dependencies
npm run install-backend       # Backend dependencies
npm run install-frontend      # Frontend dependencies

3. Environment Setup

Create environment files:

Backend (backend/.env):

MONGODB_URI=mongodb://localhost:27017/wanderlust
REDIS_URL=redis://localhost:6379
JWT_SECRET=your-jwt-secret
PORT=8080
NODE_ENV=development

Frontend (frontend/.env):

VITE_API_URL=http://localhost:8080/api
VITE_APP_NAME=Wanderlust

4. Development Setup

Option A: Local Development

# Start all services locally
npm start

# Or start services individually
npm run start-backend         # Backend on :8080
npm run start-frontend        # Frontend on :5173

Option B: Docker Development

# Start all services with Docker Compose
docker-compose up -d

# Services will be available at:
# Frontend: http://localhost:5173
# Backend: http://localhost:31100
# MongoDB: localhost:27017
# Redis: localhost:6379

🔒 Security & DevSecOps Pipeline

Security Scanning Tools

1. Trivy Filesystem Scan

   • Scans source code for vulnerabilities
   • Checks container images for security issues
   • Integrated into Jenkins pipeline

2. OWASP Dependency Check

   • Analyzes project dependencies
   • Identifies known vulnerabilities
   • Generates detailed security reports

3. SonarQube Code Analysis

   • Static code analysis
   • Code quality metrics
   • Security hotspot detection
   • Quality gate enforcement

CI/CD Pipeline Flow

flowchart TD
    A[Code Commit] --> B[Jenkins Trigger]
    B --> C[Workspace Cleanup]
    C --> D[Code Checkout]
    D --> E[Trivy Filesystem Scan]
    E --> F[OWASP Dependency Check]
    F --> G[SonarQube Analysis]
    G --> H{Quality Gates Pass?}
    H -->|Yes| I[Environment Setup]
    H -->|No| Z[Pipeline Fails]
    I --> J[Parallel Build]
    J --> K[Frontend Build]
    J --> L[Backend Build]
    K --> M[Docker Build & Push]
    L --> M
    M --> N[Deploy to Kubernetes]
    N --> O[Health Check]
    O --> P[Pipeline Success]

Loading

Jenkins Pipeline Features

• Parallel Execution: Frontend & Backend builds
• Security Gates: Automated security scanning
• Quality Assurance: Code quality enforcement
• Artifact Management: Automated artifact archiving
• Deployment Automation: Seamless deployment to Kubernetes

🏗️ Infrastructure as Code

Terraform Configuration

• Provider: AWS
• Region: ap-south-1 (configurable)
• Instance Type: t2.large (configurable)
• Infrastructure: EC2 instances for Jenkins & K8s clusters

Deployment Commands

cd terraform/
terraform init
terraform plan
terraform apply

☸️ Kubernetes Deployment

Cluster Setup

The project includes comprehensive Kubernetes manifests for:

• Application Pods: Frontend & Backend deployments
• Services: Load balancing and service discovery
• Persistent Storage: MongoDB data persistence
• ConfigMaps & Secrets: Configuration management
• Redis Cache: Session and data caching

Deployment Commands

# Apply all Kubernetes manifests
kubectl apply -f kubernetes/

# Monitor deployment
kubectl get pods -w
kubectl get services

Available Services

• Frontend Service: Web application interface
• Backend Service: API endpoints
• MongoDB Service: Database with persistent storage
• Redis Service: Caching layer

🧪 Testing

Backend Testing

cd backend/
npm test                      # Run all tests
npm run test -- --coverage   # Run with coverage report

Frontend Testing

cd frontend/
npm test                      # Run Jest tests
npm run lint                  # ESLint analysis

Test Coverage

• Unit Tests: Controller and utility functions
• Integration Tests: API endpoint testing
• Component Tests: React component testing

📊 Monitoring & Observability

Application Monitoring

• Health Checks: Built-in application health endpoints
• Logging: Structured logging with different levels
• Metrics: Performance and usage metrics collection

Infrastructure Monitoring

• Container Metrics: Docker container resource usage
• Kubernetes Metrics: Pod and service health monitoring
• Security Metrics: Vulnerability scan results

🔧 Configuration

Docker Configuration

• Multi-stage builds for optimized images
• Environment-specific configurations
• Health checks for container monitoring
• Resource limits for production deployments

Kubernetes Configuration

• Resource quotas and limits
• Rolling updates for zero-downtime deployments
• Horizontal Pod Autoscaling for load management
• Network policies for security

🚀 Deployment Strategies

Development Environment

docker-compose up -d

Staging Environment

# Deploy to staging Kubernetes cluster
kubectl apply -f kubernetes/ --namespace=staging

Production Environment

# Production deployment through Jenkins CD pipeline
# Triggered automatically after successful CI pipeline

🤝 Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request