DevSecOps

This repo is used for testing DevSecOps practices and toolsets, and is used for demonstration purposes only.

WARNING

This repo contains code that is purposefully vulnerable and insecure. Use at your own risk!

Azure DevOps (ADO) Pipelines

The following YAML-based Azure DevOps (ADO) pipelines have been created and tested:

APP
DATA
- PENDING
INFRA
SEC
- Anchore
- AquaSec Trivy
- Microsoft CredScan
- OWASP ZAP
- Snyk
- YELP Detect-Secrets
- TruffleHog (INCOMPLETE)
- ShiftLeftScan

GitHub Actions (GHA) Workflows

The following YAML-based GitHub Actions (GHA) Workflows have been created and tested:

To-Do:

Add examples for:
- Dockle
- Docker Bench for Security
- DockerDive
- DockerSlim