
Repository demonstrating CI/CD pipelines with code scanning.


amrutashety/cicd-code-scan-demo


Demo Environment

This repository implements a demo of DevSecOps tools run against a set of sample code bases. The goal is to evaluate the tools against each other on the same baseline and to provide working examples of their usage.

It currently contains the following applications to support the demo:

  • GitLab (13.5.3-ee)
  • Jenkins (2.249.3)
  • SonarQube (8.4.2 Community Edition)

All of the tools are demonstrated in a set of Jenkins pipelines. At present the focus is on open source tools and on commercial tools with a free usage tier.

DevSecOps Areas

  • Library Scanning: checking third-party dependencies for known security issues. .NET Core and Node.js are covered at present; Java is coming soon.
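A library scan is only useful in a pipeline if its result can fail the build. The following is an added example (not code from this repository, whose pipelines may gate differently) of a small severity gate over `npm audit --json` output for the Node.js side of the demo. It assumes the pipeline has already written the audit report to a file, and it reads only the `metadata.vulnerabilities` counts, which are present in both the npm 6 and the npm 7+ report formats. The embedded report is a constructed sample, not real scan output; the same gating pattern applies to the .NET Core side with whichever report format that scanner emits.

```python
"""Severity gate for `npm audit --json` output, usable as a pipeline step.

Added example, not code from the cicd-code-scan-demo repository.
Assumes the pipeline has already run `npm audit --json > audit.json`.
"""
import json
import sys
from typing import List, Tuple

SEVERITIES = ["info", "low", "moderate", "high", "critical"]

# Constructed sample report (npm 7+ shape, trimmed); not real scan output.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "lodash": {"name": "lodash", "severity": "high", "isDirect": False,
                   "range": "<4.17.21", "fixAvailable": True},
        "minimist": {"name": "minimist", "severity": "low", "isDirect": False,
                     "range": "<1.2.6", "fixAvailable": True},
    },
    "metadata": {
        "vulnerabilities": {"info": 0, "low": 1, "moderate": 0,
                            "high": 1, "critical": 0, "total": 2}
    },
})


def _rank(severity: str) -> int:
    """Position of a severity label; unknown labels rank as 'info'."""
    return SEVERITIES.index(severity) if severity in SEVERITIES else 0


def count_at_or_above(report: dict, threshold: str) -> int:
    """Number of findings whose severity is >= threshold (from metadata counts)."""
    if threshold not in SEVERITIES:
        raise ValueError(f"unknown severity {threshold!r}")
    counts = report.get("metadata", {}).get("vulnerabilities", {})
    return sum(int(counts.get(s, 0)) for s in SEVERITIES[_rank(threshold):])


def gate(report_json: str, threshold: str = "high") -> Tuple[bool, List[str]]:
    """Return (passed, messages). Fails closed on unparseable or incomplete input."""
    try:
        report = json.loads(report_json)
    except json.JSONDecodeError as exc:
        return False, [f"cannot parse audit report: {exc}"]
    if not isinstance(report, dict) or "metadata" not in report:
        return False, ["audit report has no metadata section; refusing to pass"]

    n = count_at_or_above(report, threshold)
    # List each offending package so the build log says what to fix.
    details = [
        f"{name}: {v.get('severity')} (range {v.get('range', '?')}, "
        f"fix available: {v.get('fixAvailable', '?')})"
        for name, v in report.get("vulnerabilities", {}).items()
        if isinstance(v, dict) and _rank(v.get("severity", "info")) >= _rank(threshold)
    ]
    if n > 0:
        return False, [f"{n} finding(s) at severity >= {threshold}"] + details
    return True, [f"no findings at severity >= {threshold}"]


def main(argv: List[str]) -> int:
    """Usage: audit_gate.py [audit.json] [threshold]; exit 1 fails the pipeline."""
    path = argv[1] if len(argv) > 1 else None
    threshold = argv[2] if len(argv) > 2 else "high"
    data = open(path, encoding="utf-8").read() if path else SAMPLE_REPORT
    passed, messages = gate(data, threshold)
    print("\n".join(messages))
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a Jenkins stage this would run as `sh 'npm audit --json > audit.json || true'` followed by `sh 'python3 audit_gate.py audit.json high'`; the `|| true` matters because `npm audit` itself exits non-zero on findings, and the gate, not the scanner, should decide what fails the build. The gate deliberately fails closed when the report is missing or malformed, so a scanner that silently produced nothing cannot pass the stage.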

Documentation

  • See Setup for getting the demo environment up and running locally.

  • Each of the categories has its own markdown file listing the tools that have been evaluated, the reasoning behind the selection of a specific tool, and observations about each.

  • The Observations section is not about the individual tools but about implementing DevSecOps from a broader perspective.

  • The pipeline files are commented to give an overview of how each tool is used within the pipelines.

  1. Setup
  2. Library Scanning
  3. Observations

To do

  • Add Java pipelines for existing tools.


Languages

  • C# 67.1%
  • HTML 17.1%
  • Groovy 5.1%
  • JavaScript 3.9%
  • CSS 2.7%
  • SCSS 2.5%
  • Other 1.6%