Simple "Hello World" application to demonstrate how a DevSecOps approach can help discover security issues.

Prerequisites:
- IBM Cloud account
- Kubernetes cluster (a free cluster is fine)
Then change the Source repository URL to https://github.com/andreainnocenti/demo-secure-coding and select the Kubernetes cluster in the Delivery Pipeline tab.
It implements the following best practices:
- sanity-check the Dockerfile before attempting to create the image,
- build the container image on every Git commit, setting a tag based on build number, timestamp and commit id for traceability,
- use a private image registry to store the built image, automatically configuring access permissions for the target cluster deployment using API tokens that can be revoked,
- check container image for security vulnerabilities,
- insert the built image tag into the deployment manifest automatically,
- use an explicit namespace in cluster to insulate each deployment (and make it easy to clear, by "kubectl delete namespace"),
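As an added example (not the toolchain's own script), the traceable-tag and manifest-insertion steps above written as a small POSIX shell script, with a guard that refuses to proceed if the manifest still references a floating `:latest` tag. The tag layout, the registry path us.icr.io/demo/hello-world, the namespace and the build values are assumptions.

```shell
#!/bin/sh
# Added example, not the toolchain's own script: build a traceable image tag and
# splice it into a Kubernetes deployment manifest, refusing to deploy if nothing was replaced.
set -eu

# Tag format assumed here: <build-number>-<timestamp>-<short-commit>; the real pipeline may differ.
make_image_tag() {
  short_sha=$(printf '%s' "$3" | cut -c1-7)
  printf '%s-%s-%s\n' "$1" "$2" "$short_sha"
}

# Rewrite every "image: <repo>:<anything>" line for the given repo to "<repo>:<tag>".
# Writes to a temp file then moves it, so a sed failure leaves the manifest untouched.
patch_manifest() {
  manifest="$1"; repo="$2"; tag="$3"
  sed "s|^\([[:space:]]*image:[[:space:]]*\)${repo}:[^[:space:]]*|\1${repo}:${tag}|" "$manifest" > "$manifest.tmp"
  mv "$manifest.tmp" "$manifest"
}

# Guard: succeed only if the manifest now references exactly the built tag and no ":latest" remains.
manifest_uses_tag() {
  grep -q "image:[[:space:]]*$2:$3\$" "$1" && ! grep -q "image:.*:latest" "$1"
}

# Constructed sample manifest for a stand-alone run (not taken from the repo).
write_sample_manifest() {
  cat > "$1" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
  namespace: demo-secure-coding
spec:
  template:
    spec:
      containers:
      - name: hello-world
        image: us.icr.io/demo/hello-world:latest
EOF
}

# Demo run with constructed build metadata (build 42, a timestamp, a fake commit id), not real pipeline values.
demo() {
  tmp=$(mktemp) && write_sample_manifest "$tmp"
  tag=$(make_image_tag 42 20240101120000 0123456789abcdef)
  patch_manifest "$tmp" us.icr.io/demo/hello-world "$tag"
  manifest_uses_tag "$tmp" us.icr.io/demo/hello-world "$tag"
}
```

Running `demo` leaves the manifest pointing at `us.icr.io/demo/hello-world:42-20240101120000-0123456`, the same value a later `kubectl apply` would deploy.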