SLS.md

File metadata and controls

74 lines (50 loc) · 3.58 KB

Purpose

Institutionalizing Shift Left Security adoption for

  1. Secrets Detection
  2. Static Application Security Testing (SAST) Scan
  3. Development Environment Setup
  4. Git Commit
  5. Git Branching

Prerequisites

  1. Visual Studio Code
  2. Remote - Containers extension (`ext install ms-vscode-remote.remote-containers`)
  3. Docker

Getting Started

  1. Enable help and aliases

```shell
$ source dotfiles/.alias.sh
$ ghelp
```

  2. Set up commitizen, commitlint and ggshield as git hooks

```shell
$ gsetup
```

  3. Populate the .env file with GITHUB_TOKEN, GITGUARDIAN_API_KEY and GITGUARDIAN_API_URL. The .env file holds live credentials, so keep it out of version control; only .env.sample (with placeholder values) belongs in the repository.

```shell
$ cp .env.sample .env
```
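What the hook setup in step 2 enforces, as an added illustration that is not the repository's own gsetup alias: the real hooks call ggshield (secret scan of the staged diff) and commitlint (Conventional Commits check of the message); the script below installs two git hooks that do the same two checks with simplified, offline stand-ins so it runs anywhere POSIX sh and git exist. It assumes it is saved as `hooks.sh` at the repository root (hypothetical name) so the installed hooks can source it; the secret patterns (AWS access key id, GitHub classic PAT, PEM private key header, a generic `key=value` assignment) and the commit-type list are a small hand-picked subset, not ggshield's or commitlint's rule sets.

```shell
#!/bin/sh
# hooks.sh (hypothetical name): simplified stand-ins for ggshield + commitlint git hooks.

# Subset of secret shapes ggshield would flag. Generic assignments need a 16+ char value
# to cut noise; matching is case-insensitive so API_KEY= and api_key= both count.
SECRET_PATTERNS="AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}|-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----|(api[_-]?key|secret|password)[[:space:]]*[:=][[:space:]]*[\"']?[A-Za-z0-9/+=_-]{16,}"

# Types allowed by commitlint's config-conventional preset.
COMMIT_TYPES="build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test"

# check_commit_msg MESSAGE
# Returns 0 when the first line is a Conventional Commits subject
# (type, optional (scope), optional !, ": ", 1-72 char description), 1 otherwise.
check_commit_msg() {
  subject=$(printf '%s\n' "$1" | head -n 1)
  printf '%s\n' "$subject" | grep -Eq "^($COMMIT_TYPES)(\([a-z0-9./-]+\))?!?: .{1,72}\$"
}

# scan_for_secrets TEXT
# Returns 0 when TEXT contains none of the secret shapes, 1 when it does.
scan_for_secrets() {
  if printf '%s\n' "$1" | grep -Eiq "$SECRET_PATTERNS"; then
    return 1
  fi
  return 0
}

# install_hooks: write pre-commit and commit-msg hooks into the current repo.
# Each hook sources this file from the repository root (assumed location).
install_hooks() {
  hookdir="$(git rev-parse --git-path hooks)" || return 1

  cat > "$hookdir/pre-commit" <<'EOF'
#!/bin/sh
. "$(git rev-parse --show-toplevel)/hooks.sh"
# Only added lines of the staged diff are scanned, like ggshield's pre-commit mode.
added=$(git diff --cached -U0 | grep '^+' | grep -v '^+++')
scan_for_secrets "$added" || {
  echo "pre-commit: possible secret in staged changes; commit aborted" >&2
  exit 1
}
EOF

  cat > "$hookdir/commit-msg" <<'EOF'
#!/bin/sh
. "$(git rev-parse --show-toplevel)/hooks.sh"
check_commit_msg "$(cat "$1")" || {
  echo "commit-msg: subject must follow Conventional Commits, e.g. 'fix(auth): reject expired tokens'" >&2
  exit 1
}
EOF

  chmod +x "$hookdir/pre-commit" "$hookdir/commit-msg"
  echo "installed pre-commit and commit-msg hooks in $hookdir"
}

# Usage: sh hooks.sh install   (run from inside the repository)
if [ "${1:-}" = "install" ]; then
  install_hooks
fi
```

Hooks written this way live in `.git/hooks`, which is not versioned, so every clone has to run the install step; that is exactly why the page centralizes it behind `gsetup`. A developer can still bypass them with `git commit --no-verify`, so treat local hooks as a fast feedback loop and keep the same ggshield and commitlint checks in CI as the enforcing gate.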

Prerequisites - Remote development in Containers

Run Visual Studio Code against a Docker container using the Remote - Containers extension. See: https://code.visualstudio.com/docs/remote/containers-tutorial

Developing inside a Container

Toolz Radar

🚀 Tool Collection

Adopt

  1. Docker: Docker takes away repetitive, mundane configuration tasks and is used throughout the development lifecycle for fast, easy and portable application development - desktop and cloud.
  2. cookiecutter: A command-line utility that creates projects from cookiecutters (project templates)
  3. cruft: cruft allows you to maintain all the necessary boilerplate for packaging and building projects separate from the code you intentionally write. Fully compatible with existing Cookiecutter templates
  4. Visual Studio Code Remote - Containers Extension: Leverage Docker container as a full-featured development environment. It allows you to open any folder inside (or mounted into) a container and take advantage of Visual Studio Code's full feature set.
  5. commitizen: Tool that guides the developer through the writing of the commit message
  6. commitlint: Tool that validates the commit message following a set of rules and good practices
  7. pre-commit: A framework for managing and maintaining multi-language pre-commit hooks
  8. ggshield: CLI application that runs in your local environment or in a CI environment to help you detect more than 200 types of secrets, as well as other potential security vulnerabilities or policy breaks.
  9. git flow: Git extensions to provide high-level repository operations

Quick Background about Remote Containers

The Visual Studio Code Remote - Containers extension lets us use Docker as a full-featured development environment.

Remote Containers lets us isolate each project's development environment, with the following advantages:

  1. Reproducibility: Each developer has exactly the same workspace
  2. Isolation: Workspaces and their dependencies are isolated from each other
  3. Security: Limits the blast radius of a malicious dependency. Install scripts and tooling run inside the container, not on the host, so they cannot read files outside what is mounted into it. They can still read and modify the bind-mounted project folder and anything else you mount (an SSH agent socket, credentials, the Docker socket), so mount only what the project needs and keep secrets out of the workspace tree.

Each project has a .devcontainer folder containing the Dockerfile and devcontainer.json that define the development environment.
