documentation finished

README.md

@@ -13,7 +13,9 @@
 # Introduction
 DevSecOps k8s cluster with GitLab (configured using Terraform) and pipelines for code with SCA (OWASP dependency check), SAST (Sonarqube) and DAST (Arachni), and infrastructure as code with IaC security analysis (Checkov) to deploy to Azure. Production and preproduction environments.
 
-This repo contains a set of bash scripts to setup a DevSecOps kubernetes cluster in minikube. GitLab and Sonarqube get installed in it, and then GitLab is configured using it's Terraform provider. 
+This repo contains a set of bash scripts to setup a DevSecOps kubernetes cluster in minikube. GitLab and Sonarqube get installed in it, and then GitLab is configured using it's Terraform provider. It requires a host with at least 32 gigabytes of RAM, and eight to twelve cores. The machine needs to have Docker, Helm, Minikube, and Kubectl installed. The three latter can be downloaded and made available to the system with the included `download.sh` script. Another machine is also requried, and it needs to have access to the one in which `launch.sh` is triggered. In my tests I used a VirtualBox virtual machine, but the same host could also be used. This machine needs to have Azure CLI, Docker, and Terraform installed. Additionally, the scripts expect `az-cli` to be already logged into.
+
+Executing `launch.sh` will make changes to the machine's `/etc/hosts`, appending a line with the subdomains that will be used. It will also result in several docker images being downloaded to the local registry.
 
 <br>
 

documentation/latex/glossary.tex

@@ -44,9 +44,21 @@
 \newacronym{k8s}{K8s}{Kubernetes (K, 8 letters, s)}
 \newacronym{dns}{DNS}{Domain Name Service}
 \newacronym{cri}{CRI}{Kubernetes Container Runtime Interface}
-\newacronym{crio}{CRI-O}{Container Runtime Interface - OpenShift}
+\newacronym{crio}{CRI-O}{Container Runtime Interface - \\OpenShift}
 \newacronym{pat}{PAT}{Personal Access Token}
 \newacronym{uat}{UAT}{User Acceptance Testing}
+\newacronym{ca}{CA}{Certificate Authority}
+\newacronym{pki}{PKI}{Public Key Infrastructure}
+\newacronym{csr}{CSR}{Certificate Signing Request}
+\newacronym{owasp}{OWASP}{Open Worldwide Application Security Project}
+\newacronym{cve}{CVE}{Common Vulnerabilities and Exposures}
+\newacronym{xss}{XSS}{Cross-site Scripting}
+\newacronym{sca}{SCA}{Software Composition Analysis}
+\newacronym{sast}{SAST}{Static Application Security Testing}
+\newacronym{dast}{DAST}{Dynamic Application Security Testing}
+\newacronym{cva}{CVA}{Container Vulnerability Analysis}
+\newacronym{acl}{ACL}{Access Control List}
+\newacronym{ha}{HA}{High Availability}
 
 \newglossaryentry{azure}{
     name={Azure},

documentation/latex/references.bib

@@ -170,4 +170,44 @@ @online{seppanen
 	year="2021",
 	month="5",
 	url="https://www.puppeteers.net/blog/managing-self-hosted-gitlab-with-terraform/"
+}
+@online{downloadsecurefiles,
+	title = {download-secure-files · GitLab},
+	url = {https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files},
+}
+@online{securefilesapi,
+	title = {Project-level Secure Files API | GitLab},
+	url = {https://docs.gitlab.com/15.9/ee/api/secure_files.html},
+    addendum="(v15.9)"
+}
+@online{easyrsadocs,
+	month="10",
+    day="09",
+    year="2017",
+	title={easy-rsa/README.quickstart.md at master · OpenVPN/easy-rsa},
+	url="https://github.com/OpenVPN/easy-rsa/blob/master/README.quickstart.md",
+}
+@online{badawy,
+	author="Muhammad Badawy",
+    month="03",
+    day="28",
+    year="2023",
+    title="Apply Mutual TLS Over a Kubernetes Nginx Ingress Controller",
+	url="https://earthly.dev/blog/mutual-tls-kubernetes-nginx-ingress-controller/",
+}
+@online{awsowasp,
+	date = {2021-01-21},
+	title = {Building end-to-end AWS DevSecOps CI/CD pipeline with open source SCA, SAST and DAST tools | Amazon Web Services},
+	url = {https://aws.amazon.com/blogs/devops/building-end-to-end-aws-devsecops-ci-cd-pipeline-with-open-source-sca-sast-and-dast-tools/},
+}
+@online{updateaci,
+	author="{Microsoft} and tomvcassidy and huypub and amjadaljuniadi and Nickomang and v-kents and DCtheGeek and dlpow and mmacy and Karishma-Tiwari-MSFT",
+	title={{Update containers in Azure Container Instances}},
+	url="https://learn.microsoft.com/en-us/azure/container-instances/container-instances-update#update-a-container-group",
+	year="2022",
+	month="06"
+}
+@online{aciaz,
+	title={{az container | Microsoft docs}},
+	url="https://learn.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest#az-container-restart"
 }

documentation/sonarqube-pipeline-commands.sh

@@ -0,0 +1,3 @@
+export SONAR_SCANNER_OPTS="-Djavax.net.ssl.trustStore="/builds/app-repos/backend-code/truststore.jks" -Djavax.net.ssl.trustStorePassword=$SONAR_KEYSTORE_PW"
+sonar-scanner -Dsonar.projectKey="$CI_PROJECT" -Dsonar.sources=. -Dsonar.host.url="https://sonar.gitlab.local/" -Dsonar.login="$SONAR_TOKEN" -X
+