- Docker
- Docker-compose
- Forking the repository
Make a git fork of this repository through the Github user interface. This will allow you to make commits and push changes to your own copy of the source code.
Then, make a clone of your fork of this repository to your local computer:
git clone https://github.com/[REPLACE-WITH-YOUR-FORK]/sample-flask-app.git
For this exercise, running the application is not necessary.
We will use Hawkeye to scan secrets in the code base.
Run Hawkeye in Docker with:
docker run --rm -v $PWD:/target hawkeyesec/scanner-cli:latest
Did you find anything interesting?
For this exercise, running the application is not necessary.
-
Follow the Talisman installation instructions in Talisman.md
-
In our sample application, open the file
web/config.py
in a text editor of your choice.
Add a benign change to the file by adding an exra line to the end of the file, or a space somewhere. It can be anything as long as it doesn't affect the code.
Save the file.
- Do a git add of the file. e.g.
git add web/config.py
.
Then do a git commit. e.g. git commit -m "testing talisman"
If all is working, you should be prompted by talisman about a potential secret being checked-in.
You can then unstage your changes and checkout all files to revert your local repository to it's previous state.
For example:
git reset
git checkout .
Run the build server by following the instructions in the sample-deploy-pipeline
Jenkins repository located here.
The Flask application consists of two docker containers:
- A frontend website written in Python Flask
- A backend database using PostgreSQL
It is a simple message-posting application where messages entered by the user in the web interface are written to the PostgreSQL database. The web front-end shows all messages entered by users.
Configure the CI/CD pipeline by following instructions available in building-the-pipeline.md
Follow the instructions available in adding-hawkeye.md
We will update our code to remove secrets in code and instead, use Ansible Vault to source them.
Follow the instructions in handling-secrets.md.