Skip to content
/ cavas-devsecops Public

A proof-of-concept system for devsecops in cloud native architectures.

License

Apache-2.0 license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

maineffort/cavas-devsecops

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
diagrams
diagrams
 
 
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

This project improves on an earlier project (https://github.com/maineffort/cavas-security-gateway), by directly integrating security testing into a CI/CD pipeline via Jenkins. The flexible Jenkins plugins ecosystem is exploited to enable docker image testing and application testing for microservices. Test results are stored in a database for further risk analysis.

Additionally mattermost server is used for collaboration between devs, ops and sec teams (yet to add this feature to the public repo).

Some inspirations are drawn from - https://wiki.jenkins.io/display/JENKINS/Anchore+Container+Image+Scanner+Plugin

Some of the core ideas behind this project are published in our paper - CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era, presented at Securecomm 2018, Singapore.

About

A proof-of-concept system for devsecops in cloud native architectures.

Topics

jenkins-ci secdevops security-automation devsecops cloud-native-architectures

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages