
A proof-of-concept system for devsecops in cloud native architectures.


maineffort/cavas-devsecops


This project improves on an earlier project (https://github.com/maineffort/cavas-security-gateway) by integrating security testing directly into a CI/CD pipeline via Jenkins. The flexible Jenkins plugin ecosystem is used to enable Docker image testing and application testing for microservices. Test results are stored in a database for further risk analysis.

Additionally, a Mattermost server is used for collaboration between dev, ops and sec teams (this feature has yet to be added to the public repo).

Some inspiration is drawn from the Anchore Container Image Scanner Plugin: https://wiki.jenkins.io/display/JENKINS/Anchore+Container+Image+Scanner+Plugin

Some of the core ideas behind this project are published in our paper, "CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era", presented at SecureComm 2018, Singapore.
