devsecops

This basic note-taking application is used to showcase the different GitLab features around security and governance. To get started checkout the Full Tutorial Documentation.

This project leverages GitLab's DevOps platform to demonstrate the seamless integration of development, security, and operations in deploying a cloud-native application. It highlights GitLab CI/CD pipelines and security scanning, showcasing a streamlined, secure software delivery process.

Documentation about many devops things

Security pipelines

Scans selected files for patterns stated in rules. This is used in order to find secrets you may have accidentally written to a file. This scanner is used to show how the GitLab vulnerability report can be populated by a custom scanner. You can see a demo of it in action be following the documentation in the Secret List project.

Basic note-taking application used to learn how to implement DevSecOps with GitLab. Be sure to start by reading the docs!

Hosted by @dnsmichi, guest: @mzille-ext

Runs a vulnerability scan using OpalOPC against a target server and creates an HTML and a SARIF report for the scan on completion.

Shiftleft CLI auto builder for Docker Hub

AI DevSecOps Serverless Scanners.

GitLab Duo Coffee Chat, hosted by @dnsmichi Guest: Michael Aigner, @tonka3000

Проект представляет собой GitLab репозиторий, настроенный для автоматической сборки и проверки Docker образов с использованием CI/CD pipeline. Основной целью проекта является демонстрация процесса интеграции и непрерывной доставки (CI/CD) в разработке программного обеспечения, а также контроль безопасности образов Docker при помощи инструмента Trivy. Проект включает в себя создание двух Docker образов, одного с критическими уязвимостями и другого с не критическими, и автоматическое управление merge requests для обеспечения безопасности и качества кода. Результаты работы проекта могут быть проверены и просмотрены в разделе "Code" > "Merge requests" на Gitlab.com.

Organisation for #everyonecancontribute cafe sessions (ideas & tasks)

Damn Vulnerable NodeJS Application used as a POC for upcoming DevSecOps pipeline.

A wiki on cloud security

SecureApps@CI is a system for incorporating arbitrary safety tests in CI/CD pipelines.

Google Cloud Shift-left security demonstration containing infrastructure, continuous delivery pipeline and tooling to support security from within a build pipeline

This README project is like a README file but for a group (here the little-kitchen group)