Secure DevOps Demo w/ CIS Docker Benchmark

A vulnerable NodeJS app to demonstrate secure container mangement practices according CIS Docker Benchmark v1.5.0.

The system proposes a DevSecOps framework leveraging static analysis and dynamic analysis tools implemented through GitHub Actions workflow.

Integrated Tools

Continuous Integration - Static analysis
1. Dockerfile scan (Trivy)
2. Docker Image scan (docker scout)
  - Quickview report
  - Base image report
  - CVE report
💡 NOTE: After CI run, Docker Image is available Docker Hub
Continuous Deployment - Dynamic analysis
1. CIS Benchmark scan (docker-bench)
  - Report
2. Falco Runtime Event Detection
  - Events Log
💡 NOTE: CD run initiates with the Docker image being deployed on the server

Name		Name	Last commit message	Last commit date
Latest commit History 60 Commits
.github/workflows		.github/workflows
static-assets		static-assets
user-data-ftp		user-data-ftp
userfiles		userfiles
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
Dockerfile.vuln		Dockerfile.vuln
README.md		README.md
package.json		package.json
server.js		server.js
sshd_config		sshd_config
static_analysis_engine.sh		static_analysis_engine.sh